This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 2/13 PM NAV update


A better way to detect an alteration to a program is to use the "sum" 
command to generate a checksum. As I mentioned in my first resonse to Hong 
Xun, sum on my installed copy of the 1.3-6 cygz.dll yields this:

% sum /bin/cygz.dll
19649    50

For the 1.3-6 version the result is:

% sum cygz.dll
04409    49

I did another LiveUpdate of my NAV virus descriptions (getting 30 new 
definitions, as you pointed out) and ran it on the 1.3-7 (latest) cygz.dll 
and still got no "hit." However, the new descriptions do seem to detect the 
"Backdoor Egghead" virus in the 1.3-6 version of cygz.dll.

I am dubious that that DLL is really infected with a virus...Surely the 
pattern detection of NAV is susceptible to false positives, no?

There's another interesting thing here: Clicking the "Virus Info..." button 
in the detection notification dialog displays a virus information dialog 
that, among other things, says that the virus length is 0 (zero) bytes. How 
dangerous could and empty "virus" be?

Not that it matters, I'm not using that DLL and am unlikely to "downgrade" 
to it.

I'd be mildly interested in a full and complete explanation of what's going 
on here, but I'm not going to lose any sleep over it or investigate any 

Randall Schulz
Mountain View, CA USA

At 22:03 2002-02-13, Bill Siegmund wrote:
>Hongxun & Randall,
>This morning my NAV was still current as of 2/7 and protecting me against 
>58723 viruses.
>'Round 4PM PST I got an update that made me current as of 2/13 and saw the 
>count of viruses jump by 30.
>And after that the two CYGZ.DLLs on my disks began to be flagged as 
>infected by the Backdoor Egghead virus.
>I deleted them and did a complete scan that turned up _no_ infected files.
>On running "setup",  I got a version of CYGZ.DLL that the current version 
>of NAV considers clean.
>For  the record it is dated 1/20/02 11:42a and contains 50,688 Bytes.
>Bill Siegmund
>Cal-Tex Computers, Inc.
>1080 Rebecca Dr.
>Boulder Creek, California 95006

Unsubscribe info:
Bug reporting:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]