X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:to:message-id:subject
	:mime-version:content-type:content-transfer-encoding:references;
	 q=dns; s=default; b=XWOWhalKaxu0XToFZXE1bg/Fwh7HoigrTwScdXIg3GU
	FcU4oi7r1Sy42l7jra1XmtERTnZ447Hz4mQOUhRf6ECHL4Duem/wxwwooPrdlx7H
	4VWsVPEd1s6k1LjsPbAwSrZDLllSApb4lBJPZNFWoHwTaHCIyUoA0YRPAIN5EyK8
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:to:message-id:subject
	:mime-version:content-type:content-transfer-encoding:references;
	 s=default; bh=lpufEhqD/Da5RMi0a/QSlFniNI4=; b=l8umiMP3YZO5Z0MCE
	zTA050iiCmaNfwZ66gzSa/U10sc2FO9WG9HRTCqJ1WH0wOumyxRU0T7TkHwQL0TE
	KINUr7hqJMqWUN00OHwUVTeSy/gPeziRI6mSTqb3QdaEiNXS7rjg2K/M/NNm1V8N
	XVaDkHNTWE0YPqKSgRHYf/mLJg=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=3.9 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 spammy=warned, searched, threat, Protect
X-HELO: nm20.bullet.mail.bf1.yahoo.com
Date: Sun, 1 May 2016 16:38:37 +0000 (UTC)
From: Ron Gaw <ronmlgaw AT yahoo DOT com>
Reply-To: Ron Gaw <ronmlgaw AT yahoo DOT com>
To: cygwin at cygwin dot com    <cygwin AT cygwin DOT com>
Message-ID: <1262999207.5580004.1462120717636.JavaMail.yahoo@mail.yahoo.com>
Subject: Cygwin DLL 2.5.1 setup-x86_64.exe flagged by AVG for IDP.ARES.Generic
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
References: <1262999207 DOT 5580004 DOT 1462120717636 DOT JavaMail DOT yahoo DOT ref AT mail DOT yahoo DOT com>

On 4/30/2016, I was performing a regular update by running setup-x86_64.exe (not Cygwin DLL 2.5.1, was older version but have lost that info because of what came next).

During the run of setup I had downloaded earlier this year, the setup program gave the message that a newer version of setup was available.  This is standard from my experience, so I went to the Cygwin home page and downloaded the latest setup-x86_64.exe, version Cygwin DLL 2.5.1 (overwriting the previous version I had saved).

When I ran setup-x86_64.exe (the newly downloaded version 2.5.1), AVG popped up and warned that IDP.ARES.Generic was detected attempting to install, and asked me to "Protect" by removing the threat.  I (hopefully) erred on the side of caution and agreed to the protection.

I've searched the Mailing lists at Cygwin and I've Google searched for the IDP.ARES.Generic issue (including variations of the Google search to require mention of Cygwin in the results returned), but I'm not finding anything.

My currently installed Cygwin suite of apps all still seem to work fine (I wouldn't expect anything different), but wasn't sure if AVG had really found something in Cygwin SETUP or if this is a false alarm.  Not savy enough (yet) to dig into the bits inside setup-x86_64.exe and confirm the threat is real.

Sorry for the verbose background, but ... use Cygwin (apps) all the time, hoping to get a confirmation on the validity of this threat?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple