Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <4.3.1.2.20020214103526.01ea3ee8@pop.ma.ultranet.com>
X-Sender: lhall AT pop DOT ma DOT ultranet DOT com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Thu, 14 Feb 2002 10:43:57 -0500
To: cygwin AT cygwin DOT com
From: "Larry Hall (RFK Partners, Inc)" <lhall AT rfk DOT com>
Subject: Re: anybody else also infected
In-Reply-To: <8369-Thu14Feb2002153122+0000-starksb@ebi.ac.uk>
References: <3C6BD3F7 DOT 5080606 AT cportcorp DOT com>
 <01A7DAF31F93D511AEE300D0B706ED92019ECD65 AT axcs13 DOT cos DOT agilent DOT com>
 <4 DOT 3 DOT 1 DOT 2 DOT 20020214091816 DOT 01ee0518 AT pop DOT ma DOT ultranet DOT com>
 <4 DOT 3 DOT 1 DOT 2 DOT 20020214094510 DOT 01ea0710 AT pop DOT ma DOT ultranet DOT com>
 <3C6BD3F7 DOT 5080606 AT cportcorp DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 10:31 AM 2/14/2002, David Starks-Browning wrote:
>On Thursday 14 Feb 02, Peter Buckley writes:
> > I agree about the healthy skepticism- this was obviously a false 
> > positive from the very start, but I don't think the faq addresses this 
> > type of false positive.
>
>Addressing virus alerts in the FAQ has always been a dilemma for me.
>I do not like to give the advice "disable your antivirus software" or
>"turn off checking for C:\cygwin".  It seems to me that such action
>could be exploited.


Right.  I don't think it's good practice for us to recommend that.  NAV
has the ability to list things that should be excluded skipped.  I 
suppose we could suggest that, although I don't know if this is a common
feature and it still has some risks, though I think it's reasonable.  
Certainly it's the option that one must use if one finds a confirmed false
positive if one doesn't want to be annoyed by the repeated complaints 
until the virus vendor can provide an update (assuming that the virus
software can't "cure" the virus).  In that respect, I personally have no
problems with suggesting that as an option in this case.


>Should the FAQ say something like "do not bother the list with virus
>alerts unless you have independently verified that it is not a false
>positive"?  This would apply to all Cygwin software, package archives,
>DLLs, ...


IMO, absolutely!


>There was a special problem with Cygwin Setup because NAI/McAfee would
>hang the system when opening tar.gz archives.  Maybe this is not a
>problem anymore, and can be removed from the FAQ.  Or the advice could
>be simplified to be "update your antivirus software or replace it with
>another vendor's product".  Of course not everyone can do that, but
>that's not our problem.


I guess this one could be debatable.  I have no firm stance.  I guess 
without any additional data to indicate that this FAQ is no longer 
relevant, leave it to be safe.



Larry Hall                              lhall AT rfk DOT com
RFK Partners, Inc.                      http://www.rfk.com
838 Washington Street                   (508) 893-9779 - RFK Office
Holliston, MA 01746                     (508) 893-9889 - FAX


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/