Virus Total scan

Brian Inglis Brian.Inglis@Shaw.ca
Tue Aug 22 21:54:18 GMT 2023 

On 2023-08-22 08:12, Dom Woods - BGS via Cygwin wrote:
> I scanned your application through Virus Total as per our company policy and
noticed that the installation process calls out to a suspicious Microsoft IP
13.107.4.50, this ip has been flagged by 8 vendors as malicious, I get varying
responses for what it is used for (an os updater or a file distributer) and
wanted to ask what does Cygwin use it for? I can't seem to contact it with
nslookup or ping it and Virus Total says that it gives a 'status 400' results so
it might not be in use anymore anyway but just wanted to check.
> 
> Here is your Virus Total graph results: https://www.virustotal.com/graph/6bad4555154b3b348d1bfb633a2e9d6086aa46e36952f456a434ecef5b0010e0
> Here is the scan of the IP address' results: https://www.virustotal.com/gui/url/3397a00da1c5aa448611892c12d38fee37fcd60321720a6e242cb0167e381901/detection

Can not see VT graph without registering - please attach if relevant.

Which Cygwin application did you scan, and how did you scan it?
Cygwin has thousands of packages with many executables in each, plus thousands 
of libraries which may have many DLLs, all developed or packaged by volunteers.

Did you get the application from the cygwin.com site, or install it using the 
installer downloaded from the site home page URL, accessing an official Cygwin 
mirror?
Any other process is entirely at your own risk and may contain malware!

It is extremely unlikely any Cygwin package attampted to access any MS address 
or resources, as the newlib libc is BSD or compatible licensed, and Cygwin is 
GPL or compatible licensed, so packages have to be limited in what they are 
allowed to do on networks during install.

Your company may have filters intercepting library and system DLLs, and much 
else on the internet, and may proxy cache downloads, which could interfere with 
anything else you do.
It would be advisable to ask your network security folks about such anomalous 
results.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

More information about the Cygwin mailing list