From: Brian Inglis via Cygwin
Date: Tue, 22 Aug 2023 15:54:18 -0600
Subject: Re: Virus Total scan
To: cygwin AT cygwin DOT com
Reply-To: cygwin AT cygwin DOT com
Cc: Brian Inglis, Dom Woods - BGS

On 2023-08-22 08:12, Dom Woods - BGS via Cygwin wrote:
> I scanned your application through Virus Total as per our company policy and noticed that the installation process calls out to a suspicious Microsoft IP 13.107.4.50, this IP has been flagged by 8 vendors as malicious, I get varying responses for what it is used for (an os updater or a file distributor) and wanted to ask what does Cygwin use it for? I can't seem to contact it with nslookup or ping it and Virus Total says that it gives a 'status 400' results so it might not be in use anymore anyway but just wanted to check.
>
> Here is your Virus Total graph results: https://www.virustotal.com/graph/6bad4555154b3b348d1bfb633a2e9d6086aa46e36952f456a434ecef5b0010e0
> Here is the scan of the IP address' results: https://www.virustotal.com/gui/url/3397a00da1c5aa448611892c12d38fee37fcd60321720a6e242cb0167e381901/detection

Cannot see VT graph without registering - please attach if relevant.

Which Cygwin application did you scan, and how did you scan it?
Cygwin has thousands of packages with many executables in each, plus thousands of libraries which may have many DLLs, all developed or packaged by volunteers.

Did you get the application from the cygwin.com site, or install it using the installer downloaded from the site home page URL, accessing an official Cygwin mirror?
Any other process is entirely at your own risk and may contain malware!

It is extremely unlikely any Cygwin package attempted to access any MS address or resources, as the newlib libc is BSD or compatible licensed, and Cygwin is GPL or compatible licensed, so packages have to be limited in what they are allowed to do on networks during install.

Your company may have filters intercepting library and system DLLs, and much else on the internet, and may proxy cache downloads, which could interfere with anything else you do.

It would be advisable to ask your network security folks about such anomalous results.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                -- Antoine de Saint-Exupéry