From: Andrey Repin <anrdaemon@freemail.ru>
To: "Watts, Simon (UK)" <SWATTS@ngms.eu.com>, cygwin@cygwin.com
Subject: Re: VIRUS: XWin.exe 1.12.0-4 "Bloodhound.Sonar.9"
Date: Mon, 23 Apr 2012 11:05:00 -0000 [thread overview]
Message-ID: <2610076794.20120423145223@mtu-net.ru> (raw)
In-Reply-To: <D466D8ED2A535D448228E410781DF5E48087A89DBC@APOLLOCCR.ng.local>
Greetings, Watts, Simon (UK)!
> Just performed a routine update to cygwin, which resulted in the updated XWin.exe being quarantined due to a virus threat.
> Details:
> setup.exe version: 2.769
> source: http://cygwin.xl-mirror.nl
> xorg-servers-common version: 1.12.0-4
> Symantec Endpoint Protection reported XWin.exe contained "Bloodhound.Sonar.9"
> file size: 2828127
> hash: 157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2
> category: application heuristic
> scan type: SONAR
> SONAR Risk level: High
> SONAR: High
> Reverting back to 1.12.0-3 from same source does *not* show this issue.
> Could be a false positive? But AV policy prevents me from running it.
From the report, it seems like it's AV heuristic backfired.
https://www.virustotal.com/file/157814b5160244d44e469ca9829124daba14426f3d60e6a22b52e953625ca0b2/analysis/
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 23.04.2012, <14:39>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
prev parent reply other threads:[~2012-04-23 11:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-23 8:28 Watts, Simon (UK)
2012-04-23 8:51 ` Yaakov (Cygwin/X)
2012-04-23 11:05 ` Andrey Repin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2610076794.20120423145223@mtu-net.ru \
--to=anrdaemon@freemail.ru \
--cc=SWATTS@ngms.eu.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).