Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: cygcrypt-0.dll false virus positive? Date: Mon, 10 Jan 2005 11:14:30 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: From: "Harig, Mark" To: "Cygwin" X-IsSubscribed: yes Note-from-DJ: This may be spam Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id j0AGFYrE026359 > -----Original Message----- > From: Walter Garcia-Fontes > Sent: Monday, January 10, 2005 10:44 AM > To: Cygwin > Subject: cygcrypt-0.dll false virus positive? > > > Since this morning I get Trend Micro Office Scan antivirus to report a > virus in /usr/bin/cygcrypt-0.dll. It is strange since this started > without having reinstalled anything, maybe after an automatic update > of the patterns of the antivirus. > I attempted to report this problem earlier today, also. For some unknown reason, it did not show up in the mailing list. Here is a copy of the information I have about this possible virus: > -----Original Message----- > Sent: Monday, January 10, 2005 10:25 AM > To: cygwin list > Subject: Possible virus in cygcrypt-0.dll > > > My virus detection software (OfficeScan, version 5.58, > engine 7.100, pattern 2.337.00) has detected the virus: > > BKDR_HACDEF.M > > in the file cygcrypt0.dll, which is included in the > Cygwin package crypt-1.1-1. This has been detected on > three PCs, run (independently) by two people. It appears > that the problem is localized to the crypt-1.1-1.tar.bz2 > file at the rcn.net mirror. > > Here are the steps that I took to localize the problem after > it had been automatically detected by my virus scanning > software: > > 1. Uninstall crypt-1.1-1 using setup.exe. > > 2. Delete crypt-1.1-1.tar.bz2 from the rcn.net 'release' > subdirectory that installation packages are written to. > > 3. Download/install crypt-1.1-1 from the planetmirror.com > mirror using setup.exe. > > 4. Scan both the 'bin' and 'release' subdirectories for viruses. > No viruses were detected. > > 5. Uninstall crypt-1.1-1 using setup.exe. > > 6. Delete crypt-1.1-1.tar.bz2 from the planetmirror.com > 'release' subdirectory that installation packages are > written to. > > 7. Download/install crypt-1.1-1 from the rcn.net mirror using > setup.exe. > > 8. Scan both the 'bin' and 'release' subdirectories for viruses. > The BKDR_HACDEF.M virus is detected in bin/cygcrypt-0.dll > and in release/crypt/crypt-1.1-1.tar.bz2. > > This detection appears to be the result of a new virus pattern file > that detects the BKDR_HACDEF.M virus, which earlier versions of > the file did not. > > --- > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/