This is the mail archive of the
mailing list for the Cygwin project.
Re: setup-x86.exe has virus and is blocked by Malware Detectors
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Robert Pendell <shinji+cygwin at elite-systems dot org>, cygwin at cygwin dot com
- Date: Tue, 20 May 2014 01:26:45 +0400
- Subject: Re: setup-x86.exe has virus and is blocked by Malware Detectors
- Authentication-results: sourceware.org; auth=none
- References: <1400181948 dot 68721 dot YahooMailNeo at web121901 dot mail dot ne1 dot yahoo dot com> <20140515193629 dot GA18612 at tastycake dot net> <20140515194537 dot GB1733 at ednor dot casa dot cgf dot cx> <CAAeCd-MSgepSPPt9i_750nUHSZ-ry0ttb5E14t-synzLyP1GVg at mail dot gmail dot com>
- Reply-to: cygwin at cygwin dot com
Greetings, Robert Pendell!
>>>> I agree, it probably does not have a virus; but it has a virus signature.
>>> This is covered in the FAQ at http://cygwin.com/faq.html#faq.setup.virus
>> Thanks for pointing that out. I should have remembered the FAQ.
> It is actually flagging the fact that setup.exe is packed using upx
> since at one point (or maybe still) virus authors had packed their
> binaries with upx in order to try to evade scanners. Upx in itself
> though is not a virus and the false flag should probably be removed by
> the antivirus company.
More so, normal (i.e. modern) antivirus scanners are capable of unpacking UPX
archives since... I really can't remember, most of the scanners I've been
working with were capable of that in '95. Maybe earlier.
Blatantly marking anything that is packed with UPX as malware is... telling
us so much about the quality of scanner code and sanity of its authors.
Andrey Repin (email@example.com) 20.05.2014, <01:24>
Sorry for my terrible English...
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple