Mail Archives: cygwin/2005/01/10/15:36:02

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Mon, 10 Jan 2005 15:35:50 -0500 (EST)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Eddie Chan <echan AT watchmark DOT com>
cc: cygwin AT cygwin DOT com
Subject: Re: cygcrypt-0.dll infected
In-Reply-To: <41E2DCC4.1060506@watchmark.com>
Message-ID: <Pine.GSO.4.61.0501101526330.24510@slinky.cs.nyu.edu>
References: <41E2DCC4 DOT 1060506 AT watchmark DOT com>
MIME-Version: 1.0

On Mon, 10 Jan 2005, Eddie Chan wrote:

> Hi,
>
> My weekly virus scan (office scan) has removed the cygcrypt-0.dll which
> was detected as infected by Backdoor.IRC.Aladin.R. I did some searching on
> the internet and found that "Backdoor" virus comes with
> "cygcrypt-0.dll". I am guessing that the virus scan has been updated to
> remove "Backdoor.IRC.Aladin.R" which has removed "cygcrypt-0.dll".
>
> I verified with other developers. Whenever we touch the cygcrypt-0.dll,
> the virus scan will think that it is infected and automatically remove
> it. Anyone know how to fix this problem???

Since the file hasn't been touched since October 2003, it's unlikely that
any new backdoor suddenly appeared.  Most likely your anti-virus software
detects this as a false positive, because some virus's (or trojan's)
pattern happened to coincide with what was already in the file.

It's amazing how many people use broken anti-virus software, judging by
the number of times this was reported.  The real solution is to get the
anti-virus patterns fixed.  One workaround that was suggested was to
recompile libcrypt, which removes the pattern (one can assume that the
pattern just happened to coincide with the DLL's date stamp -- go figure).

I'm half-tempted to suggest leaving the package as-is, just to force
people to complain to their anti-virus provider.  Unfortunately, all these
complaints are more likely to go to this list, thus rivaling the traffic
in the "obscenity of cygwin" thread (and we can't have that, can we?).

So, provided Corinna has the time and the inclination to build crypt-1.1-2
(identical to 1.1-1, but recompiled) and send it by private mail, can we
have a volunteer with a broken anti-virus to test this new version of
libcrypt?  If that shuts the anti-virus up, the path of least resistance
would be to release the new package...
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT
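
Added example, not part of the original message or of the Cygwin package: one way to test the date-stamp hypothesis in the reply above is to locate the COFF TimeDateStamp in a PE file and check whether an old build and a rebuild differ only in that field. The two images are constructed minimal headers with constructed build times, the function names are illustrative, and a real rebuild can also differ elsewhere (for example in a checksum).

```python
import struct
from datetime import datetime, timezone

def pe_timestamp_field(image: bytes):
    """Return (file offset, value) of the COFF TimeDateStamp in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    ts_off = pe_off + 8  # skip signature (4), Machine (2), NumberOfSections (2)
    (stamp,) = struct.unpack_from("<I", image, ts_off)
    return ts_off, stamp

def differing_ranges(a: bytes, b: bytes):
    """Half-open byte ranges where two equal-length images differ."""
    if len(a) != len(b):
        raise ValueError("images differ in length; compare section by section")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges

def only_timestamp_changed(old: bytes, new: bytes) -> bool:
    """True if the images differ, and only inside the 4-byte TimeDateStamp."""
    off, _ = pe_timestamp_field(old)
    diffs = differing_ranges(old, new)
    return bool(diffs) and all(off <= s and e <= off + 4 for s, e in diffs)

def make_image(stamp: int, body: bytes = b"\x90" * 32) -> bytes:
    """Constructed minimal MZ/PE header plus filler; not a real DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0, 0x2102)
    return dos + coff + body

# Constructed build times: an "October 2003" build and a later rebuild.
OLD = make_image(int(datetime(2003, 10, 1, tzinfo=timezone.utc).timestamp()))
NEW = make_image(int(datetime(2005, 1, 11, tzinfo=timezone.utc).timestamp()))

if __name__ == "__main__":
    off, stamp = pe_timestamp_field(OLD)
    print(hex(off), datetime.fromtimestamp(stamp, timezone.utc).isoformat())
    print(differing_ranges(OLD, NEW), only_timestamp_changed(OLD, NEW))
```

If the only differing bytes fall inside the timestamp field and the scanner flags the old file but not the new one, that supports a signature collision rather than a change in the library's code.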
