AVG scan found WIN-HEUR virus in cygwin install from aarnet ftp

Erik Soderquist ErikSoderquist@gmail.com
Thu Mar 17 00:14:00 GMT 2016

On Wed, Mar 16, 2016 at 7:44 PM, Justin S. wrote:
>   AVG anti-virus reported it found a virus in a Cygwin install pulled from aarnet on 8 Jan 2014.
> "";"Virus found Win32/Heur, C:\Users\justin\Desktop\ftp%3a%2f%2fmirror.aarnet.edu.au%2fpub%2fsourceware%2fcygwin%2f\x86\release\cygwin\cygwin-debuginfo\cygwin-debuginfo-1.7.27-2.tar.xz";"Secured"
> The AVG info on the reported virus is as follows:
> http://www.avgthreatlabs.com/au-en/virus-and-malware-information/info/win-heur/?name=Win32/Heur&utm_source=TDPU&utm_medium=SCAN&PRTYPE=AVF
> I think it has been lurking there for some time. You might want to check into it to make sure nothing has sneaked in.

Most likely a false positive.  The "heur" part indicates it was
flagged by heuristic analysis rather than a known signature match.
I've had several false positives from anti-virus scanners because the
majority of Windows users simply don't do advanced computing, and so
anything that does is "unusual" at minimum.

I would start with comparing the signature of the downloaded file
against the same file downloaded from other trusted sources, and if
they match, submit to AVG as a likely false positive.  If the
signatures don't match, try to contact the mirror's maintainer and let
them know about the signature mismatch and the AV flag so they can
check their mirror.

-- Erik
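
The comparison suggested in the reply above, as an added example that is not part of the original message. It reads "signature" as a SHA-512 file digest, which is an assumption; the function names, source labels and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Follow-up for each outcome; the first two come from the reply, the third is added here.
NEXT_STEP = {
    "match": "submit the file to the AV vendor as a likely false positive",
    "mismatch": "tell the mirror's maintainer about the mismatch and the AV flag",
    "references-disagree": "reference copies differ; settle that first",
}

def sha512_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large archives are not read into memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def compare_with_references(flagged_path, references):
    """references maps a source label to a local copy fetched from that source."""
    if not references:
        raise ValueError("need at least one reference copy")
    flagged = sha512_file(flagged_path)
    refs = {label: sha512_file(path) for label, path in references.items()}
    if len(set(refs.values())) > 1:
        verdict = "references-disagree"
    elif flagged in refs.values():
        verdict = "match"
    else:
        verdict = "mismatch"
    return {"verdict": verdict, "flagged": flagged, "references": refs}

def demo():
    """Run both outcomes on constructed files (not real Cygwin packages)."""
    with tempfile.TemporaryDirectory() as tmp:
        def write(name, data):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            return path
        payload = b"constructed package bytes\n" * 4096
        refs = {"mirror-a": write("a.tar.xz", payload),
                "mirror-b": write("b.tar.xz", payload)}
        same = compare_with_references(write("flagged.tar.xz", payload), refs)
        altered = compare_with_references(write("altered.tar.xz", payload + b"\0"), refs)
        return same["verdict"], altered["verdict"]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict, "->", NEXT_STEP[verdict])
```

A match shows the flagged copy is byte-identical to the copies from the other sources; it says nothing about the file beyond that.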

