X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=rZ72sUZjKPipQPuz
	QwOep0noIpVYRduWadNZkq6NNnwoU73Db1Eyetf76htk7FYVzlesJgcui5jTFlHP
	MVsY8RDJ6xxqBnW+zLAN0bfVVOlYlfZpM5o/9v6tSCJMhZZhP+CzP2IqSIVS3pxC
	axU1ykcr6c2rLtuQI8gPN//5z4w=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=1jtggx19F3DA6gKUfwBgi2
	/zR0s=; b=O2q9za4YVY1qYEMbG+05tBuv9GYnihOtHqYiM8q91eWqz2y37BJ0yT
	j8WpSgdyfdvckPOxBW/XxSXFQ1y7auR3rOvqn0wN16EpBmGjRiAV3wGruntBYxbX
	derRDd13HCAFu5xYwaFwVlQA/TMzDM1wXp42PXKaJNXJBEnejYr20=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.5 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=businesses, auditing, risks, competent
X-HELO: smtp-out-no.shaw.ca
X-Authority-Analysis: v=2.2 cv=HahkdmM8 c=1 sm=1 tr=0 a=MVEHjbUiAHxQW0jfcDq5EA==:117 a=MVEHjbUiAHxQW0jfcDq5EA==:17 a=N659UExz7-8A:10 a=D9Udk0m-AAAA:8 a=CCpqsmhAAAAA:8 a=w_pzkKWiAAAA:8 a=TMoWSEoCtGozzCsN8RcA:9 a=AWgARx-kvcoi5192:21 a=dBYONuOCKf7yVMvf:21 a=pILNOxqGKmIA:10 a=VRxYQP3hgegA:10 a=C6Y24I6zAXqVcWszXxWR:22 a=ul9cdbp4aOFLsgKbc677:22 a=sRI3_1zDfAgwuvI8zelB:22
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject: Re: Symantec AntiVirus False Positive
To: cygwin AT cygwin DOT com
References: <aa6dfc973cbe41e19845a3191cdf3c99 AT SD3EXC06A DOT k12 DOT sd DOT local> <daf2c312e4b3495ab9f9767fd89d2ade AT SD3EXC06A DOT k12 DOT sd DOT local> <04ebad0fd4234974bd158b61a6767822 AT SD3EXC06A DOT k12 DOT sd DOT local> <87fua8vzmj DOT fsf AT localhost DOT localdomain DOT i-did-not-set--mail-host-address--so-tickle-me>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Message-ID: <d149123a-0a9c-1b30-bcb8-ad7f480cc4d3@SystematicSw.ab.ca>
Date: Tue, 24 Oct 2017 21:42:24 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <87fua8vzmj.fsf@localhost.localdomain.i-did-not-set--mail-host-address--so-tickle-me>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfOefM0dWJADJx+kIAw43Ibg7Um8j1Q47gcrVtjnaeQkYoG6Op5KV//KbAr77YNyPbKetCiIYLi6GvR7y+LYOKnGqulOZHg7F9uYqgY55la+Tttbg9eEr 0g1yUt6r7haaIsZWv035gIm5EIJV9IB/fc+4ZDRBQJTCUdKxSe9yQO4+Gi2cgMbNPNWEY8Wb0fypsA==
X-IsSubscribed: yes

On 2017-10-24 18:29, J.McNamara wrote:
> 
> Harrod, Norm (UJS) writes:
> 
>> https://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854-99&vid=4294919973
>>
>> setup-x86_64.exe
>> RISK WS.Reputation.1

See https://sourceware.org/ml/cygwin/2017-07/msg00097.html after last setup change.

>> Unfortunately, this will not allow for use on business networks using
>> Symantec. Not sure who controls the approval of Reputation for Cygwin. 

Symantec - they just rate everything they have not excluded (e.g. real risks to
you from big commercial products, and them from big vendor lawyers, such as MS
Office, Adobe suites, Oracle Java) as a "Reputation" risk, which generates a lot
of false positives they expect the smaller vendor developers to resolve with
them, and leaves a lot of open source projects without the resources to do that,
and their users, stuck. Symantec's Dispute page now gives 404!

There should be a setting or option on warning, to allow you to bypass these
"reputation risks", as they are unsupported by any evidence. You org may have a
group policy in effect to disallow this, and you may have to follow up
internally to have this bypassed for https://cygwin.com/setup-x86{_64}.exe: they
can validate the HTTPS cert and the gpg/pgp
https://cygwin.com/setup-x86{_64}.exe.sig if they want to be sure.

Remember Symantec outsourced all this to India starting in 2004, and recently
had to divest their CAs and businesses to a competent CA, after a number of
certification problems were not responded to or addressed to the satisfaction of
the CA/Browser Forum (of which Symantec are a founding member), and criticisms
of Symantec neither following nor auditing CA practices, led by Google Chrome
and Mozilla root CA teams.

> I used to have problems with rebase getting stuck. I tried to bring it
> to Webroots attention. They had this laundry list of all this stuff to
> do to submit a ticket. I told them it is a problem. It is not enough to
> do that. They wanted to me to be a tester. I thought I am convincing
> enough so no thanks.

The OP can see if there are any usable links in the Symantec product Quarantine
section to report a false positive, and look in their Tools/NoSupport directory
for utilities to take programs out of quarantine, mentioned on their web site.
Better AV products allow this with a click, with another to report it as a false
positive and submit a sample. Many AV products report a false positive on any
(sometimes every) upgrade of installers and system level utilities, until
someone complains.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple