This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: report from virustotal / setup.exe from cygwin.com may be corrupt?


Eric Freudenthal wrote:

> I just downloaded setup.exe from cygwin.com and sent it to virustotal.
>  A couple of services didn't like it:
> 
> the report:
> http://www.virustotal.com/analisis/ccb64d1f4e157ba250e1649f46868196
> 
> details:
> eSafe 7.0.17.0 2008.08.31 Suspicious File
> Prevx1 V2 2008.09.01 Suspicious

That means nothing, if sddt.exe is a known virus it should say so
clearly.  Notice that none of the big names report anything.

The latest setup.exe uses a digital signature to protect against this
very kind of problem, the installation packages are checked using a MD5
check sum.  The possibility of somebody adding an infection is remote
but, as Dave Korn's reply said, if it was, the virus must be inside one
of the packages (and setup.ini had to be forged, and a pre- or
post-install script changed to run the virus)... I'm not sure if it
really is possible to spread it like that.

You need to check the whole disk to find out where it is.  If i remember
correctly, several of the major anti-virus companies offer a scan
through the Web (also the link I sent in my reply, but I don't know
those guys).
-- 
René Berber


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]