This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: setup-x86.exe has virus and is blocked by Malware Detectors


Greetings, Robert Pendell!

>>>> I agree, it probably does not have a virus; but it has a virus signature.
>>>
>>>This is covered in the FAQ at http://cygwin.com/faq.html#faq.setup.virus
>>
>> Thanks for pointing that out.  I should have remembered the FAQ.

> It is actually flagging the fact that setup.exe is packed using upx
> since at one point (or maybe still) virus authors had packed their
> binaries with upx in order to try to evade scanners.  Upx in itself
> though is not a virus and the false flag should probably be removed by
> the antivirus company.

More so, normal (i.e. modern) antivirus scanners are capable of unpacking UPX
archives since... I really can't remember, most of the scanners I've been
working with were capable of that in '95. May be earlier.
Blatantly marking anything that is packed with UPX as a malware is... telling
us so much about the quality of scanner code and sanity of it's authors.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 20.05.2014, <01:24>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]