Message-ID: <4F4B23E1.7000609@gmail.com>
Date: Mon, 27 Feb 2012 07:34:09 +0100
From: marco atzeri
To: cygwin AT cygwin DOT com
Subject: Re: Possible security problem -- in Python module

On 2/27/2012 6:01 AM, Tom Szczesny wrote:
> Sat 2012-02-25 17:39:23.0618 Begin passive write scan (330 file(s))
> Sat 2012-02-25 17:39:26.0660 Begin passive write scan (7 file(s))
> Sat 2012-02-25 17:39:27.0425 Infection detected: c:\cygwin\lib\python2.6\distutils\command\wininst-9.0.exe [MD5: 0563061137E462BF38717F90488C4504] [3/00080000] [Trojan.Dropper]
> Sat 2012-02-25 17:39:27.0425 File blocked in realtime: c:\cygwin\lib\python2.6\distutils\command\wininst-9.0.exe [MD5: 0563061137E462BF38717F90488C4504, Size: 196096 bytes] [524288/00000003] [Trojan.Dropper]
> Sat 2012-02-25 17:39:27.0425 Determination flags modified: MD5: 0563061137E462BF38717F90488C4504, Size: 196096 bytes, Flags: 00000020
> Sat 2012-02-25 17:39:27.0581 Performing cleanup entry: 1
> Sat 2012-02-25 17:39:27.0659 End passive write scan (7 file(s))
> Sat 2012-02-25 17:39:29.0921 End passive write scan (330 file(s))
>
> This was detected using "Webroot SecureAnywhere -- Complete".
>
> This may be a false positive, but I thought I should report it.

I will bet on false positive

http://www.viruschief.com/report.html?report_id=923867e00c38395a36f8ed0291bf10b5422a4022

Filename: wininst-9.0.exe
Size (Bytes): 196096
MD5 Hash: 0563061137e462bf38717f90488c4504
Report link:

AntiVirus        Engine Version          Definition Version   Status
Antivir          7.4.0.37                6.39.0.81            Nothing found
ArcaVir          1.0.4                   2006.01.27           Nothing found
AVG              7.5.51                  269.9.14/883         Nothing found
BitDefender      7.60825                 7.60825              Nothing found
VirusBlokAda32   3.12.16.4               2012.02.24           Nothing found
VirusBuster      4.3.23:9 (2007-02-16)   9.86.8/11.0          Nothing found