* VIRUS: XWin.exe 1.12.0-4 "Bloodhound.Sonar.9"
@ 2012-04-23 8:28 Watts, Simon (UK)
2012-04-23 8:51 ` Yaakov (Cygwin/X)
2012-04-23 11:05 ` Andrey Repin
0 siblings, 2 replies; 3+ messages in thread
From: Watts, Simon (UK) @ 2012-04-23 8:28 UTC
To: cygwin
Just performed a routine update to cygwin, which resulted in the updated XWin.exe being quarantined due to a virus threat.
Details:
setup.exe version: 2.769
source: http://cygwin.xl-mirror.nl
xorg-servers-common version: 1.12.0-4
Symantec Endpoint Protection reported XWin.exe contained "Bloodhound.Sonar.9"
file size: 2828127
hash: 157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2
category: application heuristic
scan type: SONAR
SONAR Risk level: High
SONAR: High
Reverting back to 1.12.0-3 from same source does *not* show this issue.
Could be a false positive? But AV policy prevents me from running it.
Regards,
Simon.
======================================================================
Simon A Watts CPhys CITP Northrop Grumman Mission Systems Europe Ltd
Senior Software Engineer Leander House
4600 Parkway
Solent Business Park
Fareham PO15 7AZ
United Kingdom
Tel: +44 (0) 845 67 102 67
Fax: +44 (0) 845 67 102 68
swatts@ngms.eu.com
www.ngms.eu.com
Registered in England No. 2741988
======================================================================
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
* Re: VIRUS: XWin.exe 1.12.0-4 "Bloodhound.Sonar.9"
From: Yaakov (Cygwin/X) @ 2012-04-23 8:51 UTC
To: cygwin
On 2012-04-23 03:28, Watts, Simon (UK) wrote:
> Just performed a routine update to cygwin, which resulted in the updated
> XWin.exe being quarantined due to a virus threat.
http://cygwin.com/faq/faq-nochunks.html#faq.setup.virus
Yaakov
Cygwin/X
* Re: VIRUS: XWin.exe 1.12.0-4 "Bloodhound.Sonar.9"
From: Andrey Repin @ 2012-04-23 11:05 UTC
To: Watts, Simon (UK), cygwin
Greetings, Watts, Simon (UK)!
> Just performed a routine update to cygwin, which resulted in the updated XWin.exe being quarantined due to a virus threat.
> Details:
> setup.exe version: 2.769
> source: http://cygwin.xl-mirror.nl
> xorg-servers-common version: 1.12.0-4
> Symantec Endpoint Protection reported XWin.exe contained "Bloodhound.Sonar.9"
> file size: 2828127
> hash: 157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2
> category: application heuristic
> scan type: SONAR
> SONAR Risk level: High
> SONAR: High
> Reverting back to 1.12.0-3 from same source does *not* show this issue.
> Could be a false positive? But AV policy prevents me from running it.
From the report, it seems like the AV heuristic backfired.
https://www.virustotal.com/file/157814b5160244d44e469ca9829124daba14426f3d60e6a22b52e953625ca0b2/analysis/
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 23.04.2012, <14:39>
Sorry for my terrible English...