Re: Cygwin setup reporter as malware
Dan Harkless via Cygwin wrote:
> On 12/9/2022 3:39 AM, Oskar Skog via Cygwin wrote:
>> On 2022-12-07 23:54, Dan Harkless via Cygwin wrote:
>>> No. It's normal and common for software like Cygwin, which has the power to be used maliciously (as opposed to, say, a Minesweeper game or something), to have false positives on VirusTotal for a handful of vendors. I've never heard of SecureAge or Trapmine (hmm, maybe it *would* flag Minesweeper...), and I'm pretty well educated in the anti-malware space, so if it were me, I'd just ignore those false positives and pay attention to the credible AV software results (and the Community Score).
>>
>> You may have thought you were joking, but...
>> https://www.virustotal.com/gui/file/bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41
>>
>> This is not just *a* minesweeper game, it is *the* minesweeper game from Windows XP.
>
> LOL! You're right, I'd never heard about that, and was just using Minesweeper as an obviously safe example program. And whaddaya know, it's SecureAge and Trapmine (oy!) that "flag" it. I guess the lesson is to always ignore SecureAge and Trapmine results on VirusTotal, and the OP should suggest VirusTotal drop those two from their AV software suite.
>
> Thanks for the amusing link, Oskar.

Amusing, indeed. This was less amusing:

After I released this file Dec 30, 2018, it scored 7/67 and then 13/70 a few hours later, including well-known AV vendors:
https://www.virustotal.com/gui/file/bf0416c2e214c6323fdf1af8b853f761c846760f02950453c8a5bb276c961fbe

After FP reports to several vendors, it slowly dropped down to 1-2 detections until March 2019. Experience since then suggests that some noise of ~2 detections from not well-known AV is normal.

--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin setup reporter as malware
On 12/9/2022 3:39 AM, Oskar Skog via Cygwin wrote:
> On 2022-12-07 23:54, Dan Harkless via Cygwin wrote:
>> No. It's normal and common for software like Cygwin, which has the power to be used maliciously (as opposed to, say, a Minesweeper game or something), to have false positives on VirusTotal for a handful of vendors. I've never heard of SecureAge or Trapmine (hmm, maybe it *would* flag Minesweeper...), and I'm pretty well educated in the anti-malware space, so if it were me, I'd just ignore those false positives and pay attention to the credible AV software results (and the Community Score).
>
> You may have thought you were joking, but...
> https://www.virustotal.com/gui/file/bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41
>
> This is not just *a* minesweeper game, it is *the* minesweeper game from Windows XP.

LOL! You're right, I'd never heard about that, and was just using Minesweeper as an obviously safe example program. And whaddaya know, it's SecureAge and Trapmine (oy!) that "flag" it. I guess the lesson is to always ignore SecureAge and Trapmine results on VirusTotal, and the OP should suggest VirusTotal drop those two from their AV software suite.

Thanks for the amusing link, Oskar.

--
Dan Harkless
http://harkless.org/dan/

Re: Cygwin setup reporter as malware
On 2022-12-07 23:54, Dan Harkless via Cygwin wrote:
> No. It's normal and common for software like Cygwin, which has the power to be used maliciously (as opposed to, say, a Minesweeper game or something), to have false positives on VirusTotal for a handful of vendors. I've never heard of SecureAge or Trapmine (hmm, maybe it *would* flag Minesweeper...), and I'm pretty well educated in the anti-malware space, so if it were me, I'd just ignore those false positives and pay attention to the credible AV software results (and the Community Score).

You may have thought you were joking, but...
https://www.virustotal.com/gui/file/bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41

This is not just *a* minesweeper game, it is *the* minesweeper game from Windows XP.

Re: Cygwin setup reporter as malware
On Wed, Dec 7, 2022 at 9:21 AM Sylwester Rutkowski wrote:
> The setup-x86_64.exe is reported as malicious at
> https://www.virustotal.com/gui/file/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e/detection
>
> Can this be resolved somehow?

This is, of course, a false positive. There are basically two things you can do:

1. Exempt it from your scanner.
2. Report it to the vendor as a false positive.

Re: Cygwin setup reporter as malware
On 12/7/2022 8:20 AM, Sylwester Rutkowski via Cygwin wrote:
> Hi,
>
> The setup-x86_64.exe is reported as malicious at
> https://www.virustotal.com/gui/file/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e/detection
>
> Can this be resolved somehow?

No. It's normal and common for software like Cygwin, which has the power to be used maliciously (as opposed to, say, a Minesweeper game or something), to have false positives on VirusTotal for a handful of vendors. I've never heard of SecureAge or Trapmine (hmm, maybe it *would* flag Minesweeper...), and I'm pretty well educated in the anti-malware space, so if it were me, I'd just ignore those false positives and pay attention to the credible AV software results (and the Community Score).

If you have some corporate policy requiring things to have 0 detections on VirusTotal or something, your only recourse is to contact the SecureAge and Trapmine vendors and convince them somehow to fix their false positives.

--
Dan Harkless
http://harkless.org/dan/

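[Added example, not part of the thread and not any poster's code: one way to apply the triage described in the message above to a VirusTotal API v3 file report, separating detections by engines you have chosen to rely on from the rest. The report is constructed, VendorA to VendorC are placeholder engine names, and the noise limit of 2 is an assumption taken from the "~2 detections" remark elsewhere in the thread.]

```python
# Added example (not from the thread): triage the per-engine verdicts of a
# VirusTotal API v3 file report. VendorA..VendorC and SAMPLE are constructed.

FLAGGING = {"malicious", "suspicious"}      # categories counted as a detection
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}


def triage(report, trusted, noise_limit=2):
    """Split detections by whether the engine is in the caller's trusted set.

    noise_limit=2 mirrors the "~2 detections" background noise mentioned in
    the thread; it is an assumption to tune, not a VirusTotal setting.
    """
    results = report["data"]["attributes"]["last_analysis_results"]
    trusted_hits, other_hits, scanned = [], [], 0
    for engine, res in sorted(results.items()):
        category = res.get("category")
        if category in NO_VERDICT:
            continue                        # engine produced no opinion
        scanned += 1
        if category in FLAGGING:
            bucket = trusted_hits if engine in trusted else other_hits
            bucket.append(engine)
    if trusted_hits or len(other_hits) > noise_limit:
        verdict = "investigate"             # a relied-on engine, or above noise
    elif other_hits:
        verdict = "likely-false-positive"   # candidates for an FP report
    else:
        verdict = "no-detections"
    return {
        "verdict": verdict,
        "ratio": f"{len(trusted_hits) + len(other_hits)}/{scanned}",
        "trusted_hits": trusted_hits,
        "report_fp_to": other_hits,
    }


TRUSTED = {"VendorA", "VendorB", "VendorC"}  # placeholder names, your choice
SAMPLE = {"data": {"attributes": {"last_analysis_results": {  # constructed
    "VendorA": {"category": "undetected", "result": None},
    "VendorB": {"category": "undetected", "result": None},
    "VendorC": {"category": "timeout", "result": None},
    "SecureAge": {"category": "malicious", "result": "constructed-label"},
    "Trapmine": {"category": "malicious", "result": "constructed-label"},
}}}}

if __name__ == "__main__":
    print(triage(SAMPLE, TRUSTED))
```
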
Cygwin setup reporter as malware
Hi,

The setup-x86_64.exe is reported as malicious at
https://www.virustotal.com/gui/file/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e/detection

Can this be resolved somehow?

Thanks,
Sylwester