This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: AVG scan found WIN-HEUR virus in cygwin install from aarnet ftp

On Wed, Mar 16, 2016 at 7:44 PM, Justin S. wrote:
>   AVG anti-virus reported it found a virus in a Cygwin install pulled from aarnet on 8 Jan 2014.
> "";"Virus found Win32/Heur, C:\Users\justin\Desktop\\x86\release\cygwin\cygwin-debuginfo\cygwin-debuginfo-1.7.27-2.tar.xz";"Secured"
> The AVG info on the reported virus is as follows:
> I think it has been lurking there for some time. You might want to check into it to make sure nothing has sneaked in.

Most likely a false positive.  The "heur" part indicates is was
flagged by heuristic analysis rather than a known signature match.
I've had several false positives from anti-virus scanners because the
majority of Windows users simply don't do advanced computing, and so
anything that does is "unusual" at minimum.

I would start with comparing the signature of the downloaded file
against the same file downloaded from other trusted sources, and if
they match, submit to AVG as a likely false positive.  If the
signatures don't match, try to contact the mirror's maintainer and let
them know about the signature mismatch and the AV flag so they can
check their mirror.

-- Erik

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]