This is the mail archive of the
insight@sourceware.cygnus.com
mailing list for the Insight project.
Re: Win32.FunTime.d virus in cygwin1.dll
- To: "Powell, Walt - TOP" <wlpowelljr at bpa dot gov>
- Subject: Re: Win32.FunTime.d virus in cygwin1.dll
- From: Chris Faylor <cgf at cygnus dot com>
- Date: Tue, 11 Apr 2000 12:53:32 -0400
- Cc: "'insight at sourceware dot cygnus dot com'" <insight at sourceware dot cygnus dot com>, "Dorning, Kevin E - KGI-2" <kedorning at bpa dot gov>, "Liu, Tsu-huei- TOP" <thliu at bpa dot gov>
- References: <C1C8F90DEE8ED211BD4B0000F8FA5DE9BA6BE2@exch05.wins.bpa.gov>
On Tue, Apr 11, 2000 at 09:38:04AM -0700, Powell, Walt - TOP wrote:
>Our sysop has informed me that the file cygwin1.dll contains a virus called
>the Win32.FunTime.d.
>
>I obtained this file from the gzipped file egcs-1.1.1-cygb20.tar.gz,
>obtained from an earlier cygwin download. As far as I can tell, cygwin1.dll
>has not been altered at my site, and if this is true, the virus must have
>originated at the cygnus site.
>
>I am deeply concerned about this possibility. Can you provide any
>information or a secure version of cygwin1.dll?
I am not sure why you are sending email to the insight mailing list concerning
a DLL that you extracted from an EGCS tar file downloaded from a non-cygnus
web site.
However, we receive false alarms about this on a regular basis. There is
one virus-checking package which returns a fals positive on the Cygwin DLL.
That is not to say that it is impossible that your DLL is infected. I
would try testing it with multiple virus checking packages. If they all agree
then you probably do have an infected DLL. You can find a new DLL to download
at http://sourceware.cygnus.com/cygwin/ .
Christopher Faylor
Cygwin Engineering Manager
Cygnus Solutions, a Red Hat company