* anybody else also infected @ 2002-02-13 18:05 hongxun lee 2002-02-13 18:17 ` Randall R Schulz 0 siblings, 1 reply; 20+ messages in thread From: hongxun lee @ 2002-02-13 18:05 UTC (permalink / raw) To: cygwin mailing list Norton AntiVir complains that the file was infected by eggHead virus..but couldnt repair it.. below is the reply from Symantec for my submission. Anyone has the same experience? thanks ----- Original Message ----- From: <SecurityResponse@symantec.com> To: <lee.1801@osu.edu> Sent: Wednesday, February 13, 2002 8:42 PM Subject: SARC Automation: Tracking #1254298 > filename: C:\cygwin\bin\cygz.dll > machine: ALLELUJA > result: This file is clean > > We have determined that no virus exists on the samples provided. > > Developer notes: > C:\cygwin\bin\cygz.dll is a clean file.<BR> > > Should you have any questions about your submission, please contact > technical support at the appropriate number listed below and give them > the tracking number in the subject of this message. > > ----------------------------------------------------------------------- > This message was generated by SARC automation. > > For USA: > For electronic support options, Symantec provides On-Line Services at > http://www.symantec.com/techsupp. > Knowledge Base, FAQ's, Support Genie, and Ask a Tech are all free > services. "Chat Now!" does have charges associated with the service. Virus > information and definitions are available at > http://www.symantec.com/avcenter/index.html. > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-13 18:05 anybody else also infected hongxun lee @ 2002-02-13 18:17 ` Randall R Schulz 2002-02-13 18:23 ` hongxun lee 0 siblings, 1 reply; 20+ messages in thread From: Randall R Schulz @ 2002-02-13 18:17 UTC (permalink / raw) To: hongxun lee, cygwin Hong Xun, I scanned my copy of cygz.dll (/bin/cygz.dll) with Norton AntiVirus (with the weekly updates downloaded and installed earlier today). It found no problem with that file. For the record: % cygcheck -v cygz.dll Found: D:\cygwin\bin\cygz.dll D:\cygwin\bin\cygz.dll - os=4.0 img=1.0 sys=4.0 "cygz.dll" v0.0 ts=2002/1/20 11:41 D:\cygwin\bin\cygwin1.dll - os=4.0 img=1.0 sys=4.0 "cygwin1.dll" v0.0 ts=2002/1/21 9:48 D:\WINNT\System32\KERNEL32.dll - os=5.0 img=5.0 sys=4.0 "KERNEL32.dll" v0.0 ts=2001/8/31 15:42 D:\WINNT\System32\NTDLL.DLL - os=5.0 img=5.0 sys=4.0 "ntdll.dll" v0.0 ts=2000/11/21 22:32 D:\WINNT\System32\KERNEL32.dll (already done) % sum /bin/cygz.dll 19649 50 Randall Schulz Mountain View, CA USA At 18:05 2002-02-13, hongxun lee wrote: >Norton AntiVir complains that the file was infected by eggHead virus..but >couldnt repair it.. below is the reply from Symantec for my submission. >Anyone has the same experience? >thanks > >----- Original Message ----- >From: <SecurityResponse@symantec.com> >To: <lee.1801@osu.edu> >Sent: Wednesday, February 13, 2002 8:42 PM >Subject: SARC Automation: Tracking #1254298 > > > > filename: C:\cygwin\bin\cygz.dll > > machine: ALLELUJA > > result: This file is clean > > > > We have determined that no virus exists on the samples provided. > > > > Developer notes: > > C:\cygwin\bin\cygz.dll is a clean file.<BR> > > > > Should you have any questions about your submission, please contact > > technical support at the appropriate number listed below and give them > > the tracking number in the subject of this message. > > > > ----------------------------------------------------------------------- > > This message was generated by SARC automation. > > > > For USA: > > For electronic support options, Symantec provides On-Line Services at > > http://www.symantec.com/techsupp. > > Knowledge Base, FAQ's, Support Genie, and Ask a Tech are all free > > services. "Chat Now!" does have charges associated with the service. Virus > > information and definitions are available at > > http://www.symantec.com/avcenter/index.html. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-13 18:17 ` Randall R Schulz @ 2002-02-13 18:23 ` hongxun lee 2002-02-13 19:28 ` Michael A Chase 0 siblings, 1 reply; 20+ messages in thread From: hongxun lee @ 2002-02-13 18:23 UTC (permalink / raw) To: cygwin mailing list Thanks..but i have no ides what's wrong there. My vir-definition is updated within half an hour..my cygwin is now dead.Would you pls send to me a copy of that file for i hate to reinstall..Thanks again ----- Original Message ----- From: "Randall R Schulz" <rrschulz@cris.com> To: "hongxun lee" <lee.1801@osu.edu>; <cygwin@cygwin.com> Sent: Wednesday, February 13, 2002 9:18 PM Subject: Re: anybody else also infected > Hong Xun, > > I scanned my copy of cygz.dll (/bin/cygz.dll) with Norton AntiVirus (with > the weekly updates downloaded and installed earlier today). It found no > problem with that file. > > For the record: > > % cygcheck -v cygz.dll > Found: D:\cygwin\bin\cygz.dll > D:\cygwin\bin\cygz.dll - os=4.0 img=1.0 sys=4.0 > "cygz.dll" v0.0 ts=2002/1/20 11:41 > D:\cygwin\bin\cygwin1.dll - os=4.0 img=1.0 sys=4.0 > "cygwin1.dll" v0.0 ts=2002/1/21 9:48 > D:\WINNT\System32\KERNEL32.dll - os=5.0 img=5.0 sys=4.0 > "KERNEL32.dll" v0.0 ts=2001/8/31 15:42 > D:\WINNT\System32\NTDLL.DLL - os=5.0 img=5.0 sys=4.0 > "ntdll.dll" v0.0 ts=2000/11/21 22:32 > D:\WINNT\System32\KERNEL32.dll (already done) > > % sum /bin/cygz.dll > 19649 50 > > Randall Schulz > Mountain View, CA USA > > > At 18:05 2002-02-13, hongxun lee wrote: > >Norton AntiVir complains that the file was infected by eggHead virus..but > >couldnt repair it.. below is the reply from Symantec for my submission. > >Anyone has the same experience? > >thanks > > > >----- Original Message ----- > >From: <SecurityResponse@symantec.com> > >To: <lee.1801@osu.edu> > >Sent: Wednesday, February 13, 2002 8:42 PM > >Subject: SARC Automation: Tracking #1254298 > > > > > > > filename: C:\cygwin\bin\cygz.dll > > > machine: ALLELUJA > > > result: This file is clean > > > > > > We have determined that no virus exists on the samples provided. > > > > > > Developer notes: > > > C:\cygwin\bin\cygz.dll is a clean file.<BR> > > > > > > Should you have any questions about your submission, please contact > > > technical support at the appropriate number listed below and give them > > > the tracking number in the subject of this message. > > > > > > ----------------------------------------------------------------------- > > > This message was generated by SARC automation. > > > > > > For USA: > > > For electronic support options, Symantec provides On-Line Services at > > > http://www.symantec.com/techsupp. > > > Knowledge Base, FAQ's, Support Genie, and Ask a Tech are all free > > > services. "Chat Now!" does have charges associated with the service. Virus > > > information and definitions are available at > > > http://www.symantec.com/avcenter/index.html. > > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-13 18:23 ` hongxun lee @ 2002-02-13 19:28 ` Michael A Chase 2002-02-13 20:18 ` Randall R Schulz 0 siblings, 1 reply; 20+ messages in thread From: Michael A Chase @ 2002-02-13 19:28 UTC (permalink / raw) To: hongxun lee, cygwin mailing list Update to zlib-1.1.3-7. NAV thinks it detects the virus in the 1.1.3-6 version of the file, but not in the 1.1.3-7 version. Since you reported the false positive to SARC, the next release of the NAV data files may have it fixed as well. -- Mac :}) ** I normally forward private questions to the appropriate mail list. ** Ask Smarter: http://www.tuxedo.org/~esr/faqs/smart-questions.htm Give a hobbit a fish and he eats fish for a day. Give a hobbit a ring and he eats fish for an age. ----- Original Message ----- From: "hongxun lee" <lee.1801@osu.edu> To: "cygwin mailing list" <cygwin@cygwin.com> Sent: Wednesday, February 13, 2002 18:23 Subject: Re: anybody else also infected > Thanks..but i have no ides what's wrong there. My vir-definition is updated > within half an hour..my cygwin is now dead.Would you pls send to me a copy > of that file for i hate to reinstall..Thanks again > > ----- Original Message ----- > From: "Randall R Schulz" <rrschulz@cris.com> > To: "hongxun lee" <lee.1801@osu.edu>; <cygwin@cygwin.com> > Sent: Wednesday, February 13, 2002 9:18 PM > Subject: Re: anybody else also infected > > > I scanned my copy of cygz.dll (/bin/cygz.dll) with Norton AntiVirus (with > > the weekly updates downloaded and installed earlier today). It found no > > problem with that file. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-13 19:28 ` Michael A Chase @ 2002-02-13 20:18 ` Randall R Schulz 2002-02-13 21:02 ` Michael A Chase 0 siblings, 1 reply; 20+ messages in thread From: Randall R Schulz @ 2002-02-13 20:18 UTC (permalink / raw) To: Michael A Chase, cygwin Michael, My NAV does not detect any virus in /bin/cygz.dll from the 1.1.3-6 package archive in my download directory. Any idea why? When was the last time you updated your NAV virus descriptions? I updated mine this AM. Randall Schulz Mountain View, CA USA At 19:27 2002-02-13, you wrote: >Update to zlib-1.1.3-7. NAV thinks it detects the virus in the 1.1.3-6 >version of the file, but not in the 1.1.3-7 version. > >Since you reported the false positive to SARC, the next release of the NAV >data files may have it fixed as well. >-- >Mac -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-13 20:18 ` Randall R Schulz @ 2002-02-13 21:02 ` Michael A Chase 0 siblings, 0 replies; 20+ messages in thread From: Michael A Chase @ 2002-02-13 21:02 UTC (permalink / raw) To: cygwin, Randall R Schulz ----- Original Message ----- From: "Randall R Schulz" <rrschulz@cris.com> To: "Michael A Chase" <mchase@ix.netcom.com>; <cygwin@cygwin.com> Sent: Wednesday, February 13, 2002 20:18 Subject: Re: anybody else also infected > My NAV does not detect any virus in /bin/cygz.dll from the 1.1.3-6 package > archive in my download directory. > > Any idea why? When was the last time you updated your NAV virus > descriptions? I updated mine this AM. > > At 19:27 2002-02-13, you wrote: > >Update to zlib-1.1.3-7. NAV thinks it detects the virus in the 1.1.3-6 > >version of the file, but not in the 1.1.3-7 version. > > > >Since you reported the false positive to SARC, the next release of the NAV > >data files may have it fixed as well. I ran LiveUpdate manually just before the last time I tested the files. I scanned the files both in the archive and after extracting. The cygz.dll in 1.1.3-6 is tagged, the copy in 1.1.3.7 isn't. WinXP Pro 5.1 Build 2600 Virus definitions: 2002/02/13 (2002/02/11 before LiveUpdate) Norton SystemWorks: 5.0.1 aka 2002.05 Build 59 NAV: 8.00.58B -- Mac :}) ** I normally forward private questions to the appropriate mail list. ** Ask Smarter: http://www.tuxedo.org/~esr/faqs/smart-questions.htm Give a hobbit a fish and he eats fish for a day. Give a hobbit a ring and he eats fish for an age. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
[parent not found: <01A7DAF31F93D511AEE300D0B706ED92019ECD65@axcs13.cos.agilent.com>]
* Re: anybody else also infected [not found] <01A7DAF31F93D511AEE300D0B706ED92019ECD65@axcs13.cos.agilent.com> @ 2002-02-14 5:29 ` hongxun lee 2002-02-14 6:24 ` Larry Hall (RFK Partners, Inc) 0 siblings, 1 reply; 20+ messages in thread From: hongxun lee @ 2002-02-14 5:29 UTC (permalink / raw) To: KAMDAR,NILESH (A-Sonoma,ex1); +Cc: cygwin mailing list Sorry for the panic...My bet is all you can do is to update the package zlib ... NAV this morning had released its new vir-definition..Thanks ----- Original Message ----- From: "KAMDAR,NILESH (A-Sonoma,ex1)" <nilesh_kamdar2@agilent.com> To: <lee.1801@osu.edu> Sent: Wednesday, February 13, 2002 10:58 PM Subject: anybody else also infected > Hello Hongxun Lee, > > (I am not on the mailing list of cygwin so I am emailing directly to you) > > I have the same problem. My cygwin1.dll and cygz.dll file are in quarantine. > NAV claims that they are infected with the BAckdoor.Egghead virus but I dont > see any other signs besides the above 2 files. I Think NAV definitions are > wrong!!!! > > I actually have SEVERAL customers who are going to complain about this > tomorrow. So I am trying to find a quick resolution. I have also posted my > question to Symantec. > > I am hoping that Symantec sends out newer update virus definitions which DO > NOT cause this error. > > Let me know if you get any updates from them. > > Thanks. > --Nilesh Kamdar > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 5:29 ` hongxun lee @ 2002-02-14 6:24 ` Larry Hall (RFK Partners, Inc) 2002-02-14 6:35 ` Peter Buckley 0 siblings, 1 reply; 20+ messages in thread From: Larry Hall (RFK Partners, Inc) @ 2002-02-14 6:24 UTC (permalink / raw) To: hongxun lee, KAMDAR,NILESH (A-Sonoma,ex1); +Cc: cygwin mailing list Hm, it seems like this entire thread could have been avoided or at least truncated by a simple visit to the FAQ: Is setup.exe, or one of the packages, infected with a virus? http://cygwin.com/faq/faq_2.html#SEC11 Larry Hall lhall@rfk.com RFK Partners, Inc. http://www.rfk.com 838 Washington Street (508) 893-9779 - RFK Office Holliston, MA 01746 (508) 893-9889 - FAX At 08:39 AM 2/14/2002, hongxun lee wrote: >Sorry for the panic...My bet is all you can do is to update the package zlib >... >NAV this morning had released its new vir-definition..Thanks > >----- Original Message ----- >From: "KAMDAR,NILESH (A-Sonoma,ex1)" <nilesh_kamdar2@agilent.com> >To: <lee.1801@osu.edu> >Sent: Wednesday, February 13, 2002 10:58 PM >Subject: anybody else also infected > > > > Hello Hongxun Lee, > > > > (I am not on the mailing list of cygwin so I am emailing directly to you) > > > > I have the same problem. My cygwin1.dll and cygz.dll file are in >quarantine. > > NAV claims that they are infected with the BAckdoor.Egghead virus but I >dont > > see any other signs besides the above 2 files. I Think NAV definitions are > > wrong!!!! > > > > I actually have SEVERAL customers who are going to complain about this > > tomorrow. So I am trying to find a quick resolution. I have also posted my > > question to Symantec. > > > > I am hoping that Symantec sends out newer update virus definitions which >DO > > NOT cause this error. > > > > Let me know if you get any updates from them. > > > > Thanks. > > --Nilesh Kamdar > > > > >-- >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >Bug reporting: http://cygwin.com/bugs.html >Documentation: http://cygwin.com/docs.html >FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 6:24 ` Larry Hall (RFK Partners, Inc) @ 2002-02-14 6:35 ` Peter Buckley 2002-02-14 7:02 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:37 ` Christopher Faylor 0 siblings, 2 replies; 20+ messages in thread From: Peter Buckley @ 2002-02-14 6:35 UTC (permalink / raw) To: cygwin I don't think that faq would have avoided or truncated this thread. It seems related, but it is in fact different. If someone followed the instructions in the faq, they would have had a false positive reported on cygz.dll. Whenever the cygz.dll file was called (say, by invoking cygcheck), the real-time scanning of NAV popped up with "cygz.dll is infected with backdoor.egghead, and has been quarantined". Maybe an addition to that faq needs to be made, that some antivirus programs (specifically symantec) have had false positives on cygwin dlls. Just as an FYI, this same false positive for backdoor.egghead was seen on the cygwin1.dll from the 1.3.2-1 distribution. -Peter Larry Hall (RFK Partners, Inc) wrote: > Hm, it seems like this entire thread could have been avoided or at least > truncated by a simple visit to the FAQ: > > Is setup.exe, or one of the packages, infected with a virus? > http://cygwin.com/faq/faq_2.html#SEC11 > > Larry Hall lhall@rfk.com > RFK Partners, Inc. http://www.rfk.com > 838 Washington Street (508) 893-9779 - RFK Office > Holliston, MA 01746 (508) 893-9889 - FAX > > > At 08:39 AM 2/14/2002, hongxun lee wrote: > >>Sorry for the panic...My bet is all you can do is to update the package zlib >>... >>NAV this morning had released its new vir-definition..Thanks >> >>----- Original Message ----- >>From: "KAMDAR,NILESH (A-Sonoma,ex1)" <nilesh_kamdar2@agilent.com> >>To: <lee.1801@osu.edu> >>Sent: Wednesday, February 13, 2002 10:58 PM >>Subject: anybody else also infected >> >> >> >>>Hello Hongxun Lee, >>> >>>(I am not on the mailing list of cygwin so I am emailing directly to you) >>> >>>I have the same problem. My cygwin1.dll and cygz.dll file are in >>> >>quarantine. >> >>>NAV claims that they are infected with the BAckdoor.Egghead virus but I >>> >>dont >> >>>see any other signs besides the above 2 files. I Think NAV definitions are >>>wrong!!!! >>> >>>I actually have SEVERAL customers who are going to complain about this >>>tomorrow. So I am trying to find a quick resolution. I have also posted my >>>question to Symantec. >>> >>>I am hoping that Symantec sends out newer update virus definitions which >>> >>DO >> >>>NOT cause this error. >>> >>>Let me know if you get any updates from them. >>> >>>Thanks. >>>--Nilesh Kamdar >>> >>> >> >>-- >>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>Bug reporting: http://cygwin.com/bugs.html >>Documentation: http://cygwin.com/docs.html >>FAQ: http://cygwin.com/faq/ >> > > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Bug reporting: http://cygwin.com/bugs.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ > > -- 1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers in speech, in life, in love, in faith, and in purity. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 6:35 ` Peter Buckley @ 2002-02-14 7:02 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:13 ` Peter Buckley 2002-02-14 7:37 ` Christopher Faylor 1 sibling, 1 reply; 20+ messages in thread From: Larry Hall (RFK Partners, Inc) @ 2002-02-14 7:02 UTC (permalink / raw) To: Peter Buckley, cygwin OK, perhaps you and I read the FAQ differently. I read it to indicate that you should assume that any reported infection from Cygwin files are false until you can determine otherwise. To me, it's worthwhile to inform the list of viruses in any Cygwin related software if the virus is real. However, allot of posts about the potential of a virus isn't really helpful to anyone and can lead newbies to panic, adding to the list volume. Personally, I've never seen a single confirmed virus in any Cygwin software in the more than 6 years I've been using it, though I've seen many a report of viruses (hence the FAQ entry about them). So I view all Cygwin virus reports on this list with a bit of healthy skepticism, unless there is evidence to support doing otherwise. I'm just suggesting that others take that message to heart and do their homework before posting. Now back to my own little utopia where everything is done right. ;-) Larry Hall lhall@rfk.com RFK Partners, Inc. http://www.rfk.com 838 Washington Street (508) 893-9779 - RFK Office Holliston, MA 01746 (508) 893-9889 - FAX At 09:35 AM 2/14/2002, Peter Buckley wrote: >I don't think that faq would have avoided or truncated this thread. It seems related, but it is in fact different. > >If someone followed the instructions in the faq, they would have had a false positive reported on cygz.dll. Whenever the cygz.dll file was called (say, by invoking cygcheck), the real-time scanning of NAV popped up with "cygz.dll is infected with backdoor.egghead, and has been quarantined". > >Maybe an addition to that faq needs to be made, that some antivirus programs (specifically symantec) have had false positives on cygwin dlls. > >Just as an FYI, this same false positive for backdoor.egghead was seen on the cygwin1.dll from the 1.3.2-1 distribution. > >-Peter > >Larry Hall (RFK Partners, Inc) wrote: > >>Hm, it seems like this entire thread could have been avoided or at least >>truncated by a simple visit to the FAQ: >>Is setup.exe, or one of the packages, infected with a virus? >>http://cygwin.com/faq/faq_2.html#SEC11 >>Larry Hall lhall@rfk.com >>RFK Partners, Inc. http://www.rfk.com >>838 Washington Street (508) 893-9779 - RFK Office >>Holliston, MA 01746 (508) 893-9889 - FAX >> >>At 08:39 AM 2/14/2002, hongxun lee wrote: >> >>>Sorry for the panic...My bet is all you can do is to update the package zlib >>>... >>>NAV this morning had released its new vir-definition..Thanks >>> >>>----- Original Message ----- >>>From: "KAMDAR,NILESH (A-Sonoma,ex1)" <nilesh_kamdar2@agilent.com> >>>To: <lee.1801@osu.edu> >>>Sent: Wednesday, February 13, 2002 10:58 PM >>>Subject: anybody else also infected >>> >>> >>> >>>>Hello Hongxun Lee, >>>> >>>>(I am not on the mailing list of cygwin so I am emailing directly to you) >>>> >>>>I have the same problem. My cygwin1.dll and cygz.dll file are in >>>quarantine. >>> >>>>NAV claims that they are infected with the BAckdoor.Egghead virus but I >>>dont >>> >>>>see any other signs besides the above 2 files. I Think NAV definitions are >>>>wrong!!!! >>>> >>>>I actually have SEVERAL customers who are going to complain about this >>>>tomorrow. So I am trying to find a quick resolution. I have also posted my >>>>question to Symantec. >>>> >>>>I am hoping that Symantec sends out newer update virus definitions which >>>DO >>> >>>>NOT cause this error. >>>> >>>>Let me know if you get any updates from them. >>>> >>>>Thanks. >>>>--Nilesh Kamdar >>>> >>> >>>-- >>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>Bug reporting: http://cygwin.com/bugs.html >>>Documentation: http://cygwin.com/docs.html >>>FAQ: http://cygwin.com/faq/ >> >>-- >>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>Bug reporting: http://cygwin.com/bugs.html >>Documentation: http://cygwin.com/docs.html >>FAQ: http://cygwin.com/faq/ > > >-- >1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers >in speech, in life, in love, in faith, and in purity. > > >-- >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >Bug reporting: http://cygwin.com/bugs.html >Documentation: http://cygwin.com/docs.html >FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 7:02 ` Larry Hall (RFK Partners, Inc) @ 2002-02-14 7:13 ` Peter Buckley 2002-02-14 7:19 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:31 ` David Starks-Browning 0 siblings, 2 replies; 20+ messages in thread From: Peter Buckley @ 2002-02-14 7:13 UTC (permalink / raw) To: Larry Hall (RFK Partners, Inc); +Cc: cygwin I think we do read the faq differently- when it says "antivirus programs have been known to report false positives when extracting compressed tar archives" and "consider disabling your anti-virus software when running SETUP", I don't associate that with getting a false positive when *not* running setup, or when *not* extracting compressed tar archives. The directions in the next questions "My computer hangs when I try to run setup.exe" would not have avoided this type of false positive- namely when the realtime scanning pops up and quarantines a dll whenever it is run. I am in favor of a more general faq in light of this *new* development and *new* type of false positive- I don't know what the chances are of this happening in the future, but I would put it in the faq as a note, "NAV has had false positives in the past on cygwin dlls, please remain calm with your seatbelts fastened". I agree about the healthy skepticism- this was obviously a false positive from the very start, but I don't think the faq addresses this type of false positive. -Peter Larry Hall (RFK Partners, Inc) wrote: > OK, perhaps you and I read the FAQ differently. I read it to indicate that > you should assume that any reported infection from Cygwin files are false > until you can determine otherwise. To me, it's worthwhile to inform the > list of viruses in any Cygwin related software if the virus is real. However, > allot of posts about the potential of a virus isn't really helpful to anyone > and can lead newbies to panic, adding to the list volume. Personally, I've > never seen a single confirmed virus in any Cygwin software in the more than > 6 years I've been using it, though I've seen many a report of viruses (hence > the FAQ entry about them). So I view all Cygwin virus reports on this list > with a bit of healthy skepticism, unless there is evidence to support doing > otherwise. I'm just suggesting that others take that message to heart and > do their homework before posting. > > Now back to my own little utopia where everything is done right. ;-) > > Larry Hall lhall@rfk.com > RFK Partners, Inc. http://www.rfk.com > 838 Washington Street (508) 893-9779 - RFK Office > Holliston, MA 01746 (508) 893-9889 - FAX > > > > At 09:35 AM 2/14/2002, Peter Buckley wrote: > >>I don't think that faq would have avoided or truncated this thread. It seems related, but it is in fact different. >> >>If someone followed the instructions in the faq, they would have had a false positive reported on cygz.dll. Whenever the cygz.dll file was called (say, by invoking cygcheck), the real-time scanning of NAV popped up with "cygz.dll is infected with backdoor.egghead, and has been quarantined". >> >>Maybe an addition to that faq needs to be made, that some antivirus programs (specifically symantec) have had false positives on cygwin dlls. >> >>Just as an FYI, this same false positive for backdoor.egghead was seen on the cygwin1.dll from the 1.3.2-1 distribution. >> >>-Peter >> >>Larry Hall (RFK Partners, Inc) wrote: >> >> >>>Hm, it seems like this entire thread could have been avoided or at least >>>truncated by a simple visit to the FAQ: >>>Is setup.exe, or one of the packages, infected with a virus? >>>http://cygwin.com/faq/faq_2.html#SEC11 >>>Larry Hall lhall@rfk.com >>>RFK Partners, Inc. http://www.rfk.com >>>838 Washington Street (508) 893-9779 - RFK Office >>>Holliston, MA 01746 (508) 893-9889 - FAX >>> >>>At 08:39 AM 2/14/2002, hongxun lee wrote: >>> >>> >>>>Sorry for the panic...My bet is all you can do is to update the package zlib >>>>... >>>>NAV this morning had released its new vir-definition..Thanks >>>> >>>>----- Original Message ----- >>>>From: "KAMDAR,NILESH (A-Sonoma,ex1)" <nilesh_kamdar2@agilent.com> >>>>To: <lee.1801@osu.edu> >>>>Sent: Wednesday, February 13, 2002 10:58 PM >>>>Subject: anybody else also infected >>>> >>>> >>>> >>>> >>>>>Hello Hongxun Lee, >>>>> >>>>>(I am not on the mailing list of cygwin so I am emailing directly to you) >>>>> >>>>>I have the same problem. My cygwin1.dll and cygz.dll file are in >>>>> >>>>quarantine. >>>> >>>> >>>>>NAV claims that they are infected with the BAckdoor.Egghead virus but I >>>>> >>>>dont >>>> >>>> >>>>>see any other signs besides the above 2 files. I Think NAV definitions are >>>>>wrong!!!! >>>>> >>>>>I actually have SEVERAL customers who are going to complain about this >>>>>tomorrow. So I am trying to find a quick resolution. I have also posted my >>>>>question to Symantec. >>>>> >>>>>I am hoping that Symantec sends out newer update virus definitions which >>>>> >>>>DO >>>> >>>> >>>>>NOT cause this error. >>>>> >>>>>Let me know if you get any updates from them. >>>>> >>>>>Thanks. >>>>>--Nilesh Kamdar >>>>> >>>>> >>>>-- >>>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>>Bug reporting: http://cygwin.com/bugs.html >>>>Documentation: http://cygwin.com/docs.html >>>>FAQ: http://cygwin.com/faq/ >>>> >>>-- >>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>Bug reporting: http://cygwin.com/bugs.html >>>Documentation: http://cygwin.com/docs.html >>>FAQ: http://cygwin.com/faq/ >>> >> >>-- >>1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers >>in speech, in life, in love, in faith, and in purity. >> >> >>-- >>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>Bug reporting: http://cygwin.com/bugs.html >>Documentation: http://cygwin.com/docs.html >>FAQ: http://cygwin.com/faq/ >> > -- 1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers in speech, in life, in love, in faith, and in purity. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 7:13 ` Peter Buckley @ 2002-02-14 7:19 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:31 ` David Starks-Browning 1 sibling, 0 replies; 20+ messages in thread From: Larry Hall (RFK Partners, Inc) @ 2002-02-14 7:19 UTC (permalink / raw) To: Peter Buckley; +Cc: cygwin OK, David (Starks-Browning), would you be willing to accommodate Peter's request with an FAQ entry or rewording? Larry Hall lhall@rfk.com RFK Partners, Inc. http://www.rfk.com 838 Washington Street (508) 893-9779 - RFK Office Holliston, MA 01746 (508) 893-9889 - FAX At 10:12 AM 2/14/2002, Peter Buckley wrote: >I think we do read the faq differently- when it says "antivirus programs have been known to report false positives when extracting compressed tar archives" and "consider disabling your anti-virus software when running SETUP", I don't associate that with getting a false positive when *not* running setup, or when *not* extracting compressed tar archives. > >The directions in the next questions "My computer hangs when I try to run setup.exe" would not have avoided this type of false positive- namely when the realtime scanning pops up and quarantines a dll whenever it is run. I am in favor of a more general faq in light of this *new* development and *new* type of false positive- I don't know what the chances are of this happening in the future, but I would put it in the faq as a note, "NAV has had false positives in the past on cygwin dlls, please remain calm with your seatbelts fastened". > >I agree about the healthy skepticism- this was obviously a false positive from the very start, but I don't think the faq addresses this type of false positive. > >-Peter > > >Larry Hall (RFK Partners, Inc) wrote: > >>OK, perhaps you and I read the FAQ differently. I read it to indicate that >>you should assume that any reported infection from Cygwin files are false until you can determine otherwise. To me, it's worthwhile to inform the >>list of viruses in any Cygwin related software if the virus is real. However, >>allot of posts about the potential of a virus isn't really helpful to anyone >>and can lead newbies to panic, adding to the list volume. Personally, I've >>never seen a single confirmed virus in any Cygwin software in the more than >>6 years I've been using it, though I've seen many a report of viruses (hence the FAQ entry about them). So I view all Cygwin virus reports on this list >>with a bit of healthy skepticism, unless there is evidence to support doing >>otherwise. I'm just suggesting that others take that message to heart and >>do their homework before posting. >>Now back to my own little utopia where everything is done right. ;-) >>Larry Hall lhall@rfk.com >>RFK Partners, Inc. http://www.rfk.com >>838 Washington Street (508) 893-9779 - RFK Office >>Holliston, MA 01746 (508) 893-9889 - FAX >> >>At 09:35 AM 2/14/2002, Peter Buckley wrote: >> >>>I don't think that faq would have avoided or truncated this thread. It seems related, but it is in fact different. >>> >>>If someone followed the instructions in the faq, they would have had a false positive reported on cygz.dll. Whenever the cygz.dll file was called (say, by invoking cygcheck), the real-time scanning of NAV popped up with "cygz.dll is infected with backdoor.egghead, and has been quarantined". >>> >>>Maybe an addition to that faq needs to be made, that some antivirus programs (specifically symantec) have had false positives on cygwin dlls. >>> >>>Just as an FYI, this same false positive for backdoor.egghead was seen on the cygwin1.dll from the 1.3.2-1 distribution. >>> >>>-Peter >>> >>>Larry Hall (RFK Partners, Inc) wrote: >>> >>> >>>>Hm, it seems like this entire thread could have been avoided or at least >>>>truncated by a simple visit to the FAQ: >>>>Is setup.exe, or one of the packages, infected with a virus? >>>>http://cygwin.com/faq/faq_2.html#SEC11 >>>>Larry Hall lhall@rfk.com >>>>RFK Partners, Inc. http://www.rfk.com >>>>838 Washington Street (508) 893-9779 - RFK Office >>>>Holliston, MA 01746 (508) 893-9889 - FAX >>>> >>>>At 08:39 AM 2/14/2002, hongxun lee wrote: >>>> >>>> >>>>>Sorry for the panic...My bet is all you can do is to update the package zlib >>>>>... >>>>>NAV this morning had released its new vir-definition..Thanks >>>>> >>>>>----- Original Message ----- >>>>>From: "KAMDAR,NILESH (A-Sonoma,ex1)" <nilesh_kamdar2@agilent.com> >>>>>To: <lee.1801@osu.edu> >>>>>Sent: Wednesday, February 13, 2002 10:58 PM >>>>>Subject: anybody else also infected >>>>> >>>>> >>>>> >>>>> >>>>>>Hello Hongxun Lee, >>>>>> >>>>>>(I am not on the mailing list of cygwin so I am emailing directly to you) >>>>>> >>>>>>I have the same problem. My cygwin1.dll and cygz.dll file are in >>>>>quarantine. >>>>> >>>>> >>>>>>NAV claims that they are infected with the BAckdoor.Egghead virus but I >>>>>dont >>>>> >>>>> >>>>>>see any other signs besides the above 2 files. I Think NAV definitions are >>>>>>wrong!!!! >>>>>> >>>>>>I actually have SEVERAL customers who are going to complain about this >>>>>>tomorrow. So I am trying to find a quick resolution. I have also posted my >>>>>>question to Symantec. >>>>>> >>>>>>I am hoping that Symantec sends out newer update virus definitions which >>>>>DO >>>>> >>>>> >>>>>>NOT cause this error. >>>>>> >>>>>>Let me know if you get any updates from them. >>>>>> >>>>>>Thanks. >>>>>>--Nilesh Kamdar >>>>>> >>>>>-- >>>>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>>>Bug reporting: http://cygwin.com/bugs.html >>>>>Documentation: http://cygwin.com/docs.html >>>>>FAQ: http://cygwin.com/faq/ >>>>-- >>>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>>Bug reporting: http://cygwin.com/bugs.html >>>>Documentation: http://cygwin.com/docs.html >>>>FAQ: http://cygwin.com/faq/ >>> >>>-- 1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers >>>in speech, in life, in love, in faith, and in purity. >>> >>> >>>-- >>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>Bug reporting: http://cygwin.com/bugs.html >>>Documentation: http://cygwin.com/docs.html >>>FAQ: http://cygwin.com/faq/ > > >-- >1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers >in speech, in life, in love, in faith, and in purity. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 7:13 ` Peter Buckley 2002-02-14 7:19 ` Larry Hall (RFK Partners, Inc) @ 2002-02-14 7:31 ` David Starks-Browning 2002-02-14 7:37 ` Christopher Faylor 2002-02-14 7:47 ` Larry Hall (RFK Partners, Inc) 1 sibling, 2 replies; 20+ messages in thread From: David Starks-Browning @ 2002-02-14 7:31 UTC (permalink / raw) To: cygwin On Thursday 14 Feb 02, Peter Buckley writes: > I agree about the healthy skepticism- this was obviously a false > positive from the very start, but I don't think the faq addresses this > type of false positive. Addressing virus alerts in the FAQ has always been a dilemma for me. I do not like to give the advice "disable your antivirus software" or "turn off checking for C:\cygwin". It seems to me that such action could be exploited. Should the FAQ say something like "do not bother the list with virus alerts unless you have independently verified that it is not a false positive"? This would apply to all Cygwin software, package archives, DLLs, ... There was a special problem with Cygwin Setup because NAI/McAfee would hang the system when opening tar.gz archives. Maybe this is not a problem anymore, and can be removed from the FAQ. Or the advice could be simplified to be "update your antivirus software or replace it with another vendor's product". Of course not everyone can do that, but that's not our problem. Thanks for your opinions. David (Cygwin FAQ maintainer) -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 7:31 ` David Starks-Browning @ 2002-02-14 7:37 ` Christopher Faylor 2002-02-14 7:58 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:47 ` Larry Hall (RFK Partners, Inc) 1 sibling, 1 reply; 20+ messages in thread From: Christopher Faylor @ 2002-02-14 7:37 UTC (permalink / raw) To: cygwin On Thu, Feb 14, 2002 at 03:31:22PM +0000, David Starks-Browning wrote: >On Thursday 14 Feb 02, Peter Buckley writes: >> I agree about the healthy skepticism- this was obviously a false >> positive from the very start, but I don't think the faq addresses this >> type of false positive. > >Addressing virus alerts in the FAQ has always been a dilemma for me. >I do not like to give the advice "disable your antivirus software" or >"turn off checking for C:\cygwin". It seems to me that such action >could be exploited. > >Should the FAQ say something like "do not bother the list with virus >alerts unless you have independently verified that it is not a false >positive"? This would apply to all Cygwin software, package archives, >DLLs, ... > >There was a special problem with Cygwin Setup because NAI/McAfee would >hang the system when opening tar.gz archives. Maybe this is not a >problem anymore, and can be removed from the FAQ. Or the advice could >be simplified to be "update your antivirus software or replace it with >another vendor's product". Of course not everyone can do that, but >that's not our problem. > >Thanks for your opinions. My opinion is that common-sense practices don't belong in the FAQ. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 7:37 ` Christopher Faylor @ 2002-02-14 7:58 ` Larry Hall (RFK Partners, Inc) 2002-02-14 8:36 ` Christopher Faylor 0 siblings, 1 reply; 20+ messages in thread From: Larry Hall (RFK Partners, Inc) @ 2002-02-14 7:58 UTC (permalink / raw) To: cygwin At 10:37 AM 2/14/2002, you wrote: >On Thu, Feb 14, 2002 at 03:31:22PM +0000, David Starks-Browning wrote: > >On Thursday 14 Feb 02, Peter Buckley writes: > >> I agree about the healthy skepticism- this was obviously a false > >> positive from the very start, but I don't think the faq addresses this > >> type of false positive. > > > >Addressing virus alerts in the FAQ has always been a dilemma for me. > >I do not like to give the advice "disable your antivirus software" or > >"turn off checking for C:\cygwin". It seems to me that such action > >could be exploited. > > > >Should the FAQ say something like "do not bother the list with virus > >alerts unless you have independently verified that it is not a false > >positive"? This would apply to all Cygwin software, package archives, > >DLLs, ... > > > >There was a special problem with Cygwin Setup because NAI/McAfee would > >hang the system when opening tar.gz archives. Maybe this is not a > >problem anymore, and can be removed from the FAQ. Or the advice could > >be simplified to be "update your antivirus software or replace it with > >another vendor's product". Of course not everyone can do that, but > >that's not our problem. > > > >Thanks for your opinions. > >My opinion is that common-sense practices don't belong in the FAQ. I have to say I agree. However, common sense seems to be loosely interpreted on this list. I guess the question is how much of a substitute for common sense should the FAQ be? ;-) For those that need the added support, I think the altered wording that David suggests (i.e. don't bother the list with virus alerts if you can't confirm them yourself) is worthwhile, considering that we already have a couple of virus entries. Of course, I have no delusions that having FAQ entries or changed wording will eliminate virus postings to this list. I personally would just like to be able to point to the entry in response and have that end the thread. OK, I know, I'm still living close to my utopia. ;-) Larry Hall lhall@rfk.com RFK Partners, Inc. http://www.rfk.com 838 Washington Street (508) 893-9779 - RFK Office Holliston, MA 01746 (508) 893-9889 - FAX -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 7:58 ` Larry Hall (RFK Partners, Inc) @ 2002-02-14 8:36 ` Christopher Faylor 2002-02-14 23:22 ` Gary R. Van Sickle 0 siblings, 1 reply; 20+ messages in thread From: Christopher Faylor @ 2002-02-14 8:36 UTC (permalink / raw) To: cygwin On Thu, Feb 14, 2002 at 10:54:43AM -0500, Larry Hall (RFK Partners, Inc) wrote: >>My opinion is that common-sense practices don't belong in the FAQ. > >I have to say I agree. However, common sense seems to be loosely >interpreted on this list. I guess the question is how much of a >substitute for common sense should the FAQ be? ;-) > >For those that need the added support, I think the altered wording that >David suggests (i.e. don't bother the list with virus alerts if you >can't confirm them yourself) is worthwhile, considering that we already >have a couple of virus entries. Of course, I have no delusions that >having FAQ entries or changed wording will eliminate virus postings to >this list. I personally would just like to be able to point to the >entry in response and have that end the thread. OK, I know, I'm still >living close to my utopia. ;-) Ok. You don't live that far from me. I'll drive over and visit your utopia for a while. :-) I agree that some additional words like that will at least give us the satisfaction of saying "Did you read the FAQ?" when they are inevitably ignored. That's the best we can hope for here, I think. FWIW, I've now gotten two internal-to-redhat queries about this "problem". Thank you, Mr. Norton! cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* RE: anybody else also infected 2002-02-14 8:36 ` Christopher Faylor @ 2002-02-14 23:22 ` Gary R. Van Sickle 0 siblings, 0 replies; 20+ messages in thread From: Gary R. Van Sickle @ 2002-02-14 23:22 UTC (permalink / raw) To: cygwin > Thank you, Mr. Norton! > > cgf > Number of times I've lost data to a virus: 0. Number of times I've been alerted to a real virus by a virus scanner: 0. Number of times I've lost data to a virus scanner: 2. Norton, McCaffee, they all go in the same hopper as far as I'm concerned. (Figured I'd better get in on this thread before it dies out ;-)) -- Gary R. Van Sickle Brewer. Patriot. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 7:31 ` David Starks-Browning 2002-02-14 7:37 ` Christopher Faylor @ 2002-02-14 7:47 ` Larry Hall (RFK Partners, Inc) 1 sibling, 0 replies; 20+ messages in thread From: Larry Hall (RFK Partners, Inc) @ 2002-02-14 7:47 UTC (permalink / raw) To: cygwin At 10:31 AM 2/14/2002, David Starks-Browning wrote: >On Thursday 14 Feb 02, Peter Buckley writes: > > I agree about the healthy skepticism- this was obviously a false > > positive from the very start, but I don't think the faq addresses this > > type of false positive. > >Addressing virus alerts in the FAQ has always been a dilemma for me. >I do not like to give the advice "disable your antivirus software" or >"turn off checking for C:\cygwin". It seems to me that such action >could be exploited. Right. I don't think it's good practice for us to recommend that. NAV has the ability to list things that should be excluded skipped. I suppose we could suggest that, although I don't know if this is a common feature and it still has some risks, though I think it's reasonable. Certainly it's the option that one must use if one finds a confirmed false positive if one doesn't want to be annoyed by the repeated complaints until the virus vendor can provide an update (assuming that the virus software can't "cure" the virus). In that respect, I personally have no problems with suggesting that as an option in this case. >Should the FAQ say something like "do not bother the list with virus >alerts unless you have independently verified that it is not a false >positive"? This would apply to all Cygwin software, package archives, >DLLs, ... IMO, absolutely! >There was a special problem with Cygwin Setup because NAI/McAfee would >hang the system when opening tar.gz archives. Maybe this is not a >problem anymore, and can be removed from the FAQ. Or the advice could >be simplified to be "update your antivirus software or replace it with >another vendor's product". Of course not everyone can do that, but >that's not our problem. I guess this one could be debatable. I have no firm stance. I guess without any additional data to indicate that this FAQ is no longer relevant, leave it to be safe. Larry Hall lhall@rfk.com RFK Partners, Inc. http://www.rfk.com 838 Washington Street (508) 893-9779 - RFK Office Holliston, MA 01746 (508) 893-9889 - FAX -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected 2002-02-14 6:35 ` Peter Buckley 2002-02-14 7:02 ` Larry Hall (RFK Partners, Inc) @ 2002-02-14 7:37 ` Christopher Faylor 1 sibling, 0 replies; 20+ messages in thread From: Christopher Faylor @ 2002-02-14 7:37 UTC (permalink / raw) To: cygwin On Thu, Feb 14, 2002 at 09:35:33AM -0500, Peter Buckley wrote: >I don't think that faq would have avoided or truncated this thread. It >seems related, but it is in fact different. > >If someone followed the instructions in the faq, they would have had a >false positive reported on cygz.dll. Whenever the cygz.dll file was >called (say, by invoking cygcheck), the real-time scanning of NAV >popped up with "cygz.dll is infected with backdoor.egghead, and has >been quarantined". Yes, but the original message that started this long thread actually had an assurance from Symantec indicating that the DLL *was not infected*. I would have thought that would have been enough to convince people that this was just a false positive. But, instead, we have a 14 (and growing) message thread. >Maybe an addition to that faq needs to be made, that some antivirus >programs (specifically symantec) have had false positives on cygwin >dlls. This is a fact of life. It's not a cygwin-specific issue. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: anybody else also infected @ 2002-02-14 12:38 Jerry Boonstra 0 siblings, 0 replies; 20+ messages in thread From: Jerry Boonstra @ 2002-02-14 12:38 UTC (permalink / raw) To: cygwin I have the same problem. NAV update 2/13/02 rev 6 reports that the cygz.dll file succumbs to the Backdoor.EggHead virus. I'm using OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f. Is this a valid issue? Is there a workaround, like backing out to an older version? j e r r y ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 20+ messages in thread
end of thread, other threads:[~2002-02-15 7:22 UTC | newest] Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2002-02-13 18:05 anybody else also infected hongxun lee 2002-02-13 18:17 ` Randall R Schulz 2002-02-13 18:23 ` hongxun lee 2002-02-13 19:28 ` Michael A Chase 2002-02-13 20:18 ` Randall R Schulz 2002-02-13 21:02 ` Michael A Chase [not found] <01A7DAF31F93D511AEE300D0B706ED92019ECD65@axcs13.cos.agilent.com> 2002-02-14 5:29 ` hongxun lee 2002-02-14 6:24 ` Larry Hall (RFK Partners, Inc) 2002-02-14 6:35 ` Peter Buckley 2002-02-14 7:02 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:13 ` Peter Buckley 2002-02-14 7:19 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:31 ` David Starks-Browning 2002-02-14 7:37 ` Christopher Faylor 2002-02-14 7:58 ` Larry Hall (RFK Partners, Inc) 2002-02-14 8:36 ` Christopher Faylor 2002-02-14 23:22 ` Gary R. Van Sickle 2002-02-14 7:47 ` Larry Hall (RFK Partners, Inc) 2002-02-14 7:37 ` Christopher Faylor 2002-02-14 12:38 Jerry Boonstra
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).