X-Recipient: | archive-cygwin AT delorie DOT com |
X-Spam-Check-By: | sourceware.org |
To: | cygwin AT cygwin DOT com |
From: | René Berber <r DOT berber AT computer DOT org> |
Subject: | Re: report from virustotal / setup.exe from cygwin.com may be corrupt? |
Date: | Mon, 01 Sep 2008 01:41:23 -0500 |
Lines: | 29 |
Message-ID: | <g9g2ql$36q$1@ger.gmane.org> |
References: | <c6ec56fa0808312245l769d3debu4f35484491cfee97 AT mail DOT gmail DOT com> |
Mime-Version: | 1.0 |
User-Agent: | Thunderbird 2.0.0.16 (Windows/20080708) |
In-Reply-To: | <c6ec56fa0808312245l769d3debu4f35484491cfee97@mail.gmail.com> |
X-IsSubscribed: | yes |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Eric Freudenthal wrote:
> I just downloaded setup.exe from cygwin.com and sent it to virustotal.
> A couple of services didn't like it:
>
> the report:
> http://www.virustotal.com/analisis/ccb64d1f4e157ba250e1649f46868196
>
> details:
> eSafe 7.0.17.0 2008.08.31 Suspicious File
> Prevx1 V2 2008.09.01 Suspicious

That means nothing, if sddt.exe is a known virus it should say so clearly. Notice that none of the big names report anything.

The latest setup.exe uses a digital signature to protect against this very kind of problem, the installation packages are checked using an MD5 checksum.

The possibility of somebody adding an infection is remote but, as Dave Korn's reply said, if it was, the virus must be inside one of the packages (and setup.ini had to be forged, and a pre- or post-install script changed to run the virus)... I'm not sure if it really is possible to spread it like that.

You need to check the whole disk to find out where it is. If I remember correctly, several of the major anti-virus companies offer a scan through the Web (also the link I sent in my reply, but I don't know those guys).

--
René Berber
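Added example, not part of the original message and not Cygwin's own code: a sketch of the package check the reply describes, comparing files in a local download directory against the size and MD5 recorded on the `install:` lines of setup.ini. It assumes the `@ name` / `install: path size md5` layout of setup.ini, uses constructed package names and contents, and does not verify the signature on setup.ini itself, which is what the recorded hashes ultimately depend on.

```python
import hashlib
import os
import tempfile

def parse_install_entries(text):
    """Yield (package, relative_path, size, md5_hex) for each install: line."""
    package = None
    for line in text.splitlines():
        if line.startswith("@ "):
            package = line[2:].strip()
        elif line.startswith("install:") and package:
            fields = line.split()[1:]
            if len(fields) == 3:  # path, size, md5 (assumed layout)
                yield package, fields[0], int(fields[1]), fields[2].lower()

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def verify_packages(text, root):
    """Map each package to ok / missing / size-mismatch / md5-mismatch."""
    results = {}
    for package, rel, size, digest in parse_install_entries(text):
        local = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(local):
            results[package] = "missing"
        elif os.path.getsize(local) != size:
            results[package] = "size-mismatch"
        elif md5_of(local) != digest:
            results[package] = "md5-mismatch"
        else:
            results[package] = "ok"
    return results

def demo():
    """Constructed sample: one intact file, one altered on disk, one never downloaded."""
    with tempfile.TemporaryDirectory() as root:
        ini = ""
        for name in ("good", "tampered", "absent"):
            rel = f"release/{name}/{name}-1.0-1.tar.bz2"
            data = f"constructed archive bytes for {name}".encode()
            ini += f"@ {name}\ninstall: {rel} {len(data)} {hashlib.md5(data).hexdigest()}\n\n"
            if name != "absent":
                os.makedirs(os.path.join(root, os.path.dirname(rel)))
                with open(os.path.join(root, rel), "wb") as f:
                    f.write(data if name == "good" else b"X" + data[1:])
        return verify_packages(ini, root)
```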