Exclude cygwin folder from malware scans?

Aaron Humphrey alfvaen@gmail.com
Tue Jan 9 17:10:00 GMT 2007

While it's true that not many viruses will target Cygwin directly,
there are some that target folders based on string matching.  For
instance, a few years ago my computer at work caught a virus which
apparently tried to spread itself through peer-to-peer file-sharing.
It looked for folders with the string "share" in them, and then put in
a bunch of doubtless infected files with tempting names("BRITNEY
SPEARS NAKED!", etc.)in them.  So I found a bunch of these files
sitting in the C:\Cygwin\usr\share tree.  While they were doubtless
relatively harmless where they were, and weren't going to be shared
over the Internet and infect anyone that way, I still didn't want to
keep them around.

This may also have been the virus that stopped any program with the
substring "sh.exe" in it from running, presumably because they were
aware that such a program could be used to kill the executing virus
process.  Made it hard to run Cygwin.bat.

In other words, while bad virus checkers do seem to be the bane of
functional Cygwin installations (though I've never had problems with
AVG), you can't trust the Cygwin tree to never be targeted.

--Alfvaen (Web page: http://www.telusplanet.net/public/alfvaen/ )
 Current Album--LFO:Life Is Good
  Current Book--Steven Brust:Dzur
   You're too kind for your own good; you're too good for your own kind.

Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list