X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.0 required=5.0 	tests=AWL,BAYES_00
X-Spam-Check-By: sourceware.org
From: "Jason Pyeron" <jpyeron AT pdinc DOT us>
To: <cygwin AT cygwin DOT com>
References: <4A555ABC DOT 6020401 AT gmail DOT com> <4A55ED43 DOT 9030407 AT ebrady DOT net>
Subject: RE: Re: Virus on sed.exe
Date: Thu, 9 Jul 2009 11:14:23 -0400
Message-ID: <B33B8C07661B413F90AEBF303C181019@phoenix>
MIME-Version: 1.0
Content-Type: text/plain; 	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <4A55ED43.9030407@ebrady.net>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

> -----Original Message-----
> From: Ed Brady
> Sent: Thursday, July 09, 2009 9:15
> To: Dave Korn
> 
> Thanks,
> All file look good,  I submitted to a couple of online file 
> scanner sites and they confirmed no problem.  This appears to 
> be a false positive with CA Antivirus...
> 
> BTW: After posting this message to the board I found 6 
> additional exe files that also caused false positives.  I 
> posted these new files in a message to the board also, 
> however they all checked out good also..

BTW, it would be nice if you could include the md5sum/version/etc of the files
which had false positives in your reply so others may search/verify it.

> 
> Ed
> 
> 
> Dave Korn wrote:
> > Ed Brady wrote:
> >   
> >> I just ran a virus scan, and got a hit for sed.exe.  
> >> Win32/AMalum.ZZQIA.   Anyone else seen anything similar to this?
> >>     
> >
> >   Seen a few false positives with AVG in my personal 
> experience.  Most 
> > AVs run into the odd one now and again.  Some of them seem 
> to have a 
> > fondness for Cygwin, probably because it's not part of any of their 
> > standard testing environments, so they wouldn't notice 
> false positives 
> > in it before releasing a new .dat file.
> >
> >   
> >> I run scans frequently and have never had this show up 
> before I want 
> >> to believe that this is a false positive, but want to be sure...
> >>     
> >
> >   Here's md5sums of my versions:
> >
> > 1.5:
> > ~ $ cygcheck -c sed
> > Cygwin Package Information
> > Package              Version        Status
> > sed                  4.1.5-2        OK
> > ~ $ md5sum /bin/sed.exe
> > dd5f2d46b572b534d22f65a43916351c */bin/sed.exe
> >
> > 1.7:
> > $ cygcheck -c sed
> > Cygwin Package Information
> > Package              Version        Status
> > sed                  4.1.5-2        OK
> >
> > $ md5sum /bin/sed.exe
> > dd5f2d46b572b534d22f65a43916351c */bin/sed.exe
> >
> >   If yours match (assuming same versions of course), you're clean.  


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple