From: Tuomo Takkula
To: "cygwin@cygwin.com"
Subject: Fortinet AV reports virus in trust.exe
Date: Tue, 19 Jul 2022 08:40:48 +0000

Hi,

Fortinet Antivirus reported W64/Encoder.834E!tr in my local cygwin installation. When I tried to rectify by reinstalling, Fortinet barked on the installation files as well. As this is a company box, I'm somewhat at the end of my tether - cannot inspect or otherwise investigate the file.
That is, I cannot check whether it's possibly a false positive or not.

What's the usual procedure for this?

Best regards
Tuomo