From: Randall R Schulz <rrschulz@cris.com>
To: Bill Siegmund <ctc-dsl@pacbell.net>, lee.1801@osu.edu
Cc: cygwin@cygwin.com
Subject: Re: 2/13 PM NAV update [Correction]
Date: Wed, 13 Feb 2002 22:42:00 -0000
Message-ID: <5.1.0.14.2.20020213223916.023958c8@pop3.cris.com>

Bill,

I noticed an error in my previous message.

>A better way to detect an alteration to a program is to use the "sum"
>command to generate a checksum. As I mentioned in my first response to Hong
>Xun, sum on my installed copy of the 1.3-6 cygz.dll yields this:

CORRECTION: I have the 1.3-7 (current) version installed, not the previous
1.3-6 and this is the 1.3-7 version's checksum:

>% sum /bin/cygz.dll
>19649 50

For completeness, the rest of my original message, unchanged, follows...

>For the 1.3-6 version the result is:
>
>% sum cygz.dll
>04409 49
>
>
>I did another LiveUpdate of my NAV virus descriptions (getting 30 new
>definitions, as you pointed out) and ran it on the 1.3-7 (latest) cygz.dll
>and still got no "hit." However, the new descriptions do seem to detect
>the "Backdoor Egghead" virus in the 1.3-6 version of cygz.dll.
>
>I am dubious that that DLL is really infected with a virus...Surely the
>pattern detection of NAV is susceptible to false positives, no?
>
>There's another interesting thing here: Clicking the "Virus Info..."
>button in the detection notification dialog displays a virus information
>dialog that, among other things, says that the virus length is 0 (zero)
>bytes. How dangerous could an empty "virus" be?
>
>Not that it matters, I'm not using that DLL and am unlikely to "downgrade"
>to it.
>
>I'd be mildly interested in a full and complete explanation of what's
>going on here, but I'm not going to lose any sleep over it or investigate
>any further.
>
>Randall Schulz
>Mountain View, CA USA

At 22:03 2002-02-13, Bill Siegmund wrote:
>Hongxun & Randall,
>
>This morning my NAV was still current as of 2/7 and protecting me against
>58723 viruses.
>
>'Round 4PM PST I got an update that made me current as of 2/13 and saw the
>count of viruses jump by 30.
>
>And after that the two CYGZ.DLLs on my disks began to be flagged as
>infected by the Backdoor Egghead virus.
>
>I deleted them and did a complete scan that turned up _no_ infected files.
>
>On running "setup", I got a version of CYGZ.DLL that the current version
>of NAV considers clean.
>
>For the record it is dated 1/20/02 11:42a and contains 50,688 Bytes.
>
>Bill Siegmund
>Cal-Tex Computers, Inc.
>1080 Rebecca Dr.
>Boulder Creek, California 95006
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
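
Added example (not part of the original message): a Python rendering of the 16-bit rotating checksum and 1 KiB block count that GNU `sum` prints in its default BSD mode, assuming that is the `sum` used above. It also shows, by pigeonhole, that two different inputs can share a `sum` value while their SHA-256 digests differ, so `sum` is a check for accidental change only; the function names and sample inputs are constructed for illustration.

```python
import hashlib


def bsd_sum(data):
    """Return (checksum, blocks) as BSD-style `sum` computes them."""
    checksum = 0
    for byte in data:
        # Rotate the 16-bit accumulator right by one bit, then add the byte.
        checksum = (checksum >> 1) | ((checksum & 1) << 15)
        checksum = (checksum + byte) & 0xFFFF
    blocks = (len(data) + 1023) // 1024  # size in 1 KiB blocks, rounded up
    return checksum, blocks


def format_sum(data):
    """Format like the output quoted in the message: 5-digit checksum, blocks."""
    checksum, blocks = bsd_sum(data)
    return f"{checksum:05d} {blocks}"


def find_collision(prefix):
    """Find two distinct inputs with the same 16-bit checksum.

    There are only 65536 possible checksums, so among 65537 distinct
    inputs at least two must collide (pigeonhole principle).
    """
    seen = {}
    for i in range(0x10001):
        candidate = prefix + i.to_bytes(4, "big")
        checksum, _ = bsd_sum(candidate)
        if checksum in seen:
            return seen[checksum], candidate
        seen[checksum] = candidate
    raise AssertionError("unreachable: pigeonhole guarantees a collision")


if __name__ == "__main__":
    # Constructed input: zero bytes with the size Bill reports (50,688 bytes).
    # Only the block count is meaningful here, not the checksum.
    print(format_sum(bytes(50688)))

    a, b = find_collision(b"constructed-sample-")
    print(a != b, bsd_sum(a) == bsd_sum(b))
    # A cryptographic hash separates the two inputs that `sum` cannot.
    print(hashlib.sha256(a).hexdigest())
    print(hashlib.sha256(b).hexdigest())
```

A 50,688-byte file rounds up to 50 blocks, which agrees with the second field of the `19649 50` output quoted above.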