Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Subject: RE: cygcrypt-0.dll false virus positive?
Date: Mon, 10 Jan 2005 11:14:30 -0500
Message-ID: <BADF3C947A1BD54FBA75C70C241B0B9E01459CE8@ex02.svr.idirect.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
From: "Harig, Mark" <maharig AT idirect DOT net>
To: "Cygwin" <cygwin AT cygwin DOT com>
X-IsSubscribed: yes
Note-from-DJ: This may be spam
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id j0AGFYrE026359


> -----Original Message-----
> From: Walter Garcia-Fontes
> Sent: Monday, January 10, 2005 10:44 AM
> To: Cygwin
> Subject: cygcrypt-0.dll false virus positive?
> 
> 
> Since this morning I get Trend Micro Office Scan antivirus to report a
> virus in /usr/bin/cygcrypt-0.dll. It is strange since this started
> without having reinstalled anything, maybe after an automatic update
> of the patterns of the antivirus. 
> 

I attempted to report this problem earlier today, also.
For some unknown reason, it did not show up in the
mailing list.  Here is a copy of the information I
have about this possible virus:


> -----Original Message-----
> Sent: Monday, January 10, 2005 10:25 AM
> To: cygwin list
> Subject: Possible virus in cygcrypt-0.dll
> 
> 
> My virus detection software (OfficeScan, version 5.58,
> engine 7.100, pattern 2.337.00) has detected the virus:
> 
>     BKDR_HACDEF.M
> 
> in the file cygcrypt0.dll, which is included in the
> Cygwin package crypt-1.1-1.  This has been detected on
> three PCs, run (independently) by two people.  It appears
> that the problem is localized to the crypt-1.1-1.tar.bz2
> file at the rcn.net mirror.
> 
> Here are the steps that I took to localize the problem after
> it had been automatically detected by my virus scanning
> software:
> 
>    1. Uninstall crypt-1.1-1 using setup.exe.
> 
>    2. Delete crypt-1.1-1.tar.bz2 from the rcn.net 'release'
>       subdirectory that installation packages are written to.
> 
>    3. Download/install crypt-1.1-1 from the planetmirror.com
>       mirror using setup.exe.
> 
>    4. Scan both the 'bin' and 'release' subdirectories for viruses.
>       No viruses were detected.
> 
>    5. Uninstall crypt-1.1-1 using setup.exe.
> 
>    6. Delete crypt-1.1-1.tar.bz2 from the planetmirror.com
>       'release' subdirectory that installation packages are
>       written to.
> 
>    7. Download/install crypt-1.1-1 from the rcn.net mirror using
>       setup.exe.
> 
>    8. Scan both the 'bin' and 'release' subdirectories for viruses.
>       The BKDR_HACDEF.M virus is detected in bin/cygcrypt-0.dll
>       and in release/crypt/crypt-1.1-1.tar.bz2.
> 
> This detection appears to be the result of a new virus pattern file
> that detects the BKDR_HACDEF.M virus, which earlier versions of
> the file did not.
> 
> ---
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/