On Wed, Mar 16, 2016 at 7:44 PM, Justin S. wrote:
> AVG anti-virus reported it found a virus in a Cygwin install pulled from
> aarnet on 8 Jan 2014.
>
> "";"Virus found Win32/Heur,
> C:\Users\justin\Desktop\ftp%3a%2f%2fmirror.aarnet.edu.au%2fpub%2fsourceware%2fcygwin%2f\x86\release\cygwin\cygwin-debuginfo\cygwin-debuginfo-1.7.27-2.tar.xz";"Secured"
>
> The AVG info on the reported virus is as follows:
>
> http://www.avgthreatlabs.com/au-en/virus-and-malware-information/info/win-heur/?name=Win32/Heur&utm_source=TDPU&utm_medium=SCAN&PRTYPE=AVF
>
> I think it has been lurking there for some time. You might want to check into
> it to make sure nothing has sneaked in.

Most likely a false positive. The "heur" part indicates it was flagged by heuristic analysis rather than a known signature match. I've had several false positives from anti-virus scanners because the majority of Windows users simply don't do advanced computing, and so anything that does is "unusual" at minimum.

I would start with comparing the signature of the downloaded file against the same file downloaded from other trusted sources, and if they match, submit to AVG as a likely false positive. If the signatures don't match, try to contact the mirror's maintainer and let them know about the signature mismatch and the AV flag so they can check their mirror.

--
Erik

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
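
The comparison suggested in the reply above, as an added example that is not part of the original thread. It assumes SHA-256 digests serve as the "signature" and that the same archive has already been fetched from other trusted sources; the function names, source labels and verdict strings are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large archive is never held in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(flagged_path, references):
    """Compare the flagged copy with independently fetched copies.

    references maps a source label (hypothetical, e.g. "mirror-a") to the
    path of the copy fetched from that source.
    Returns (verdict, flagged_digest, reference_digests).
    """
    if not references:
        raise ValueError("need at least one independently fetched copy")
    flagged_digest = sha256_file(flagged_path)
    ref_digests = {label: sha256_file(p) for label, p in references.items()}
    distinct = set(ref_digests.values())
    if len(distinct) > 1:
        # Case not covered in the reply: the references disagree with each
        # other, so there is no baseline to compare the flagged copy against.
        verdict = "references-disagree: fetch more copies before concluding"
    elif flagged_digest in distinct:
        verdict = "match: submit to the AV vendor as a likely false positive"
    else:
        verdict = "mismatch: report the digests and the AV flag to the mirror maintainer"
    return verdict, flagged_digest, ref_digests


if __name__ == "__main__":
    # Constructed stand-ins for the archive; real use passes downloaded files.
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name in ("flagged", "mirror-a", "mirror-b"):
            paths[name] = Path(tmp) / name
            paths[name].write_bytes(b"constructed archive bytes")
        flagged = paths.pop("flagged")
        verdict, digest, _ = triage(flagged, paths)
        print(verdict, digest)
```

A match shows only that the flagged mirror serves the same bytes as the other sources, which is the condition the reply gives for reporting a false positive.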