public inbox for cygwin@cygwin.com
From: Andrey Repin <anrdaemon@freemail.ru>
To: "Watts, Simon (UK)" <SWATTS@ngms.eu.com>, cygwin@cygwin.com
Subject: Re: VIRUS: XWin.exe 1.12.0-4 "Bloodhound.Sonar.9"
Date: Mon, 23 Apr 2012 11:05:00 -0000
Message-ID: <2610076794.20120423145223@mtu-net.ru>
In-Reply-To: <D466D8ED2A535D448228E410781DF5E48087A89DBC@APOLLOCCR.ng.local>

Greetings, Watts, Simon (UK)!

> Just performed a routine update to cygwin, which resulted in the updated XWin.exe being quarantined due to a virus threat.

> Details:

>         setup.exe version:      2.769
>         source:         http://cygwin.xl-mirror.nl
>         xorg-servers-common version:    1.12.0-4

> Symantec Endpoint Protection reported XWin.exe contained "Bloodhound.Sonar.9"

>         file size:      2828127
>         hash:   157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2
>         category:       application heuristic
>         scan type:      SONAR
>         SONAR Risk level:       High
>         SONAR:  High

> Reverting back to 1.12.0-3 from same source does *not* show this issue.

> Could be a false positive?  But AV policy prevents me from running it.

From the report, it seems like the AV heuristic backfired.
https://www.virustotal.com/file/157814b5160244d44e469ca9829124daba14426f3d60e6a22b52e953625ca0b2/analysis/


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 23.04.2012, <14:39>

Sorry for my terrible English...


