This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: cygcrypt-0.dll false virus positive?

From: "Harig, Mark" <maharig at idirect dot net>
To: "Cygwin" <cygwin at cygwin dot com>
Date: Mon, 10 Jan 2005 11:14:30 -0500
Subject: RE: cygcrypt-0.dll false virus positive?

> -----Original Message-----
> From: Walter Garcia-Fontes
> Sent: Monday, January 10, 2005 10:44 AM
> To: Cygwin
> Subject: cygcrypt-0.dll false virus positive?
> 
> 
> Since this morning I get Trend Micro Office Scan antivirus to report a
> virus in /usr/bin/cygcrypt-0.dll. It is strange since this started
> without having reinstalled anything, maybe after an automatic update
> of the patterns of the antivirus. 
> 

I attempted to report this problem earlier today, also.
For some unknown reason, it did not show up in the
mailing list.  Here is a copy of the information I
have about this possible virus:


> -----Original Message-----
> Sent: Monday, January 10, 2005 10:25 AM
> To: cygwin list
> Subject: Possible virus in cygcrypt-0.dll
> 
> 
> My virus detection software (OfficeScan, version 5.58,
> engine 7.100, pattern 2.337.00) has detected the virus:
> 
>     BKDR_HACDEF.M
> 
> in the file cygcrypt0.dll, which is included in the
> Cygwin package crypt-1.1-1.  This has been detected on
> three PCs, run (independently) by two people.  It appears
> that the problem is localized to the crypt-1.1-1.tar.bz2
> file at the rcn.net mirror.
> 
> Here are the steps that I took to localize the problem after
> it had been automatically detected by my virus scanning
> software:
> 
>    1. Uninstall crypt-1.1-1 using setup.exe.
> 
>    2. Delete crypt-1.1-1.tar.bz2 from the rcn.net 'release'
>       subdirectory that installation packages are written to.
> 
>    3. Download/install crypt-1.1-1 from the planetmirror.com
>       mirror using setup.exe.
> 
>    4. Scan both the 'bin' and 'release' subdirectories for viruses.
>       No viruses were detected.
> 
>    5. Uninstall crypt-1.1-1 using setup.exe.
> 
>    6. Delete crypt-1.1-1.tar.bz2 from the planetmirror.com
>       'release' subdirectory that installation packages are
>       written to.
> 
>    7. Download/install crypt-1.1-1 from the rcn.net mirror using
>       setup.exe.
> 
>    8. Scan both the 'bin' and 'release' subdirectories for viruses.
>       The BKDR_HACDEF.M virus is detected in bin/cygcrypt-0.dll
>       and in release/crypt/crypt-1.1-1.tar.bz2.
> 
> This detection appears to be the result of a new virus pattern file
> that detects the BKDR_HACDEF.M virus, which earlier versions of
> the file did not.
> 
> ---
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: cygcrypt-0.dll false virus positive?
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]