This is the mail archive of the cygwin mailing list for the Cygwin project.
RE: report from virustotal / setup.exe from cygwin.com may be corrupt?
René Berber wrote on 01 September 2008 07:41:
> Eric Freudenthal wrote:
>
>> I just downloaded setup.exe from cygwin.com and sent it to virustotal.
>> A couple of services didn't like it:
>>
>> the report:
>> http://www.virustotal.com/analisis/ccb64d1f4e157ba250e1649f46868196
>>
>> details:
>> eSafe 7.0.17.0 2008.08.31 Suspicious File
>> Prevx1 V2 2008.09.01 Suspicious
>
> That means nothing, if sddt.exe is a known virus it should say so
> clearly. Notice that none of the big names report anything.
It's quite likely they're just indiscriminately flagging up all UPX-packed
executables as inherently suspicious. I can confirm that setup.exe on
cygwin.com still matches the version that I built on my home PC and uploaded
there:
~ $ wget http://cygwin.com/setup.exe
--2008-09-01 08:30:47-- http://cygwin.com/setup.exe
Resolving cygwin.com... 209.132.176.174
Connecting to cygwin.com|209.132.176.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 585728 (572K) [application/octet-stream]
Saving to: `setup.exe'
100%[======================================>] 585,728 239K/s in 2.4s
2008-09-01 08:30:51 (239 KB/s) - `setup.exe' saved [585728/585728]
@_______. .
( /"\
||--||(___)
'" '"'---'
~ $ md5sum setup.exe
4f3f250cb9704fda2c241347cb689a8f *setup.exe
@_______. .
( /"\
||--||(___)
'" '"'---'
~ $ md5sum /tmp/apps/objmerge/setup-2.573.2.3.exe
4f3f250cb9704fda2c241347cb689a8f */tmp/apps/objmerge/setup-2.573.2.3.exe
@_______. .
( /"\
||--||(___)
'" '"'---'
~ $
> but, as Dave Korn's reply said, if it was, the virus must be inside one
> of the packages (and setup.ini had to be forged, and a pre- or
> post-install script changed to run the virus)... I'm not sure if it
> really is possible to spread it like that.
/Was/ possible. Isn't now! :)
cheers,
DaveK
--
Can't think of a witty .sigline today....