This is the mail archive of the mailing list for the Cygwin project.
Re: 2/13 PM NAV update
- From: Randall R Schulz <rrschulz at cris dot com>
- To: Bill Siegmund <ctc-dsl at pacbell dot net>, lee dot 1801 at osu dot edu
- Cc: cygwin at cygwin dot com
- Date: Wed, 13 Feb 2002 22:33:17 -0800
- Subject: Re: 2/13 PM NAV update
A better way to detect an alteration to a program is to use the "sum"
command to generate a checksum. As I mentioned in my first response to Hong
Xun, sum on my installed copy of the 1.3-6 cygz.dll yields this:
% sum /bin/cygz.dll
For the 1.3-6 version the result is:
% sum cygz.dll
I did another LiveUpdate of my NAV virus descriptions (getting 30 new
definitions, as you pointed out) and ran it on the 1.3-7 (latest) cygz.dll
and still got no "hit." However, the new descriptions do seem to detect the
"Backdoor Egghead" virus in the 1.3-6 version of cygz.dll.
I am dubious that that DLL is really infected with a virus...Surely the
pattern detection of NAV is susceptible to false positives, no?
There's another interesting thing here: Clicking the "Virus Info..." button
in the detection notification dialog displays a virus information dialog
that, among other things, says that the virus length is 0 (zero) bytes. How
dangerous could an empty "virus" be?
Not that it matters, I'm not using that DLL and am unlikely to "downgrade"
I'd be mildly interested in a full and complete explanation of what's going
on here, but I'm not going to lose any sleep over it or investigate any
Mountain View, CA USA
At 22:03 2002-02-13, Bill Siegmund wrote:
>Hongxun & Randall,
>This morning my NAV was still current as of 2/7 and protecting me against
>'Round 4PM PST I got an update that made me current as of 2/13 and saw the
>count of viruses jump by 30.
>And after that the two CYGZ.DLLs on my disks began to be flagged as
>infected by the Backdoor Egghead virus.
>I deleted them and did a complete scan that turned up _no_ infected files.
>On running "setup", I got a version of CYGZ.DLL that the current version
>of NAV considers clean.
>For the record it is dated 1/20/02 11:42a and contains 50,688 Bytes.
>Cal-Tex Computers, Inc.
>1080 Rebecca Dr.
>Boulder Creek, California 95006
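The checksum approach Randall describes above (record a known-good checksum of a file such as cygz.dll, then compare later to tell a real alteration from an AV signature change) worked through as a small baseline-and-verify script. This is an added example, not code from the original thread or from the Cygwin project; it assumes a POSIX shell with `find`, `sort`, `cut` and `sha256sum` available, and uses `sha256sum` rather than `sum`, whose 16-bit checksum is easy to collide.

```shell
#!/bin/sh
# Added example (not from the original message): keep a baseline of file
# hashes and later report which files changed or disappeared.
# Assumes: POSIX sh, find, sort, cut, sha256sum (coreutils).

# make_baseline DIR BASELINE_FILE
#   Write one "hash  path" line for every regular file under DIR,
#   in a stable (sorted) order so baselines can be diffed.
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$out"
}

# verify_baseline BASELINE_FILE
#   Recompute each hash recorded in the baseline and print one line per
#   discrepancy: "MODIFIED path" or "MISSING path".
#   Returns 0 when every file still matches, 1 otherwise.
verify_baseline() {
    base=$1; status=0
    # sha256sum output is "hash  path"; read splits on the whitespace run,
    # and the path (last field) keeps any interior spaces.
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        have=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "MODIFIED $path"; status=1
        fi
    done < "$base"
    return $status
}
```

Usage: `make_baseline /bin baseline.txt` right after an install, then `verify_baseline baseline.txt` whenever a scanner (or anything else) claims a file has changed; a file the scanner flags but the baseline reports unchanged has not been altered since the baseline was taken.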