On 2020-04-21 12:33, Marco Atzeri via Cygwin wrote: > Am 21.04.2020 um 18:08 schrieb Antonio Cesar Rosa: >> I do not think so. See the output from Virustotal: >> 2431de4597a2162f3e1d60af90f638b41677265b07cc66fcb0231fdde452c841 >> setup-x86_64.exe 1.29 MB 2020-04-21 00:31:19 UTC >> Size >> 15 hours ago >> 64bits direct-cpu-clock-access overlay peexe runtime-modules >> DETECTION DETAILS BEHAVIOR COMMUNITY >> SecureAge APEX Malicious MaxSecure Trojan.Malware.300983.susgen >> Lastline MALWARE Acronis Undetected
Scoring 2[.5]/71 is not exactly a threatening consensus - believe the 69 and ignore the 2[.5]. The URL check has eight more checkers excluding the three false positives score 0/80. Many AVs use "heuristic/WAG" approaches which often give false positives on installers. This group probably sees about one false positive a month, but I don't ever recall a real issue in about/over ten years. > please reply on mailing list in copy. > Virus Total with the URL https://cygwin.com/setup-x86_64.exe > gives all clean. > If you have a different result. likely you have a tampered file. > And using the signature available on > https://cygwin.com/install.html > we also have: > $ gpg2 --verify setup-x86_64.exe.sig > gpg: assuming signed data in 'setup-x86_64.exe' > gpg: Signature made Sat, Mar 21, 2020 6:35:25 PM CET > gpg: using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA > gpg: checking the trustdb > gpg: marginals needed: 3 completes needed: 1 trust model: pgp > gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u > gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u > gpg: next trustdb check due at 2022-02-26 > gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [ultimate] > gpg: Signature made Sat, Mar 21, 2020 6:35:25 PM CET > gpg: using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300 > gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full] $ TZ=UTC wget -N http://cygwin.com/setup-x86{_64,}.exe{.sig,} 2020-04-21 21:26:37 URL:http://cygwin.com/setup-x86_64.exe.sig [661/661] -> "setup-x86_64.exe.sig" [1] 2020-04-21 21:26:38 URL:http://cygwin.com/setup-x86_64.exe [1352723/1352723] -> "setup-x86_64.exe" [1] 2020-04-21 21:26:38 URL:http://cygwin.com/setup-x86.exe.sig [661/661] -> "setup-x86.exe.sig" [1] 2020-04-21 21:26:41 URL:http://cygwin.com/setup-x86.exe [1248787/1248787] -> "setup-x86.exe" [1] FINISHED --2020-04-21 21:26:41-- Total wall clock time: 4.4s Downloaded: 4 files, 2.5M in 2.2s (1.12 MB/s) $ TZ=UTC ls -glo --full setup-x86{_64,}.exe{.sig,} -rw-r--r--+ 1 1248787 2020-03-21 17:28:48.000000000 +0000 setup-x86.exe -rw-r--r--+ 1 661 2020-03-21 17:29:04.000000000 +0000 setup-x86.exe.sig -rw-r--r--+ 1 1352723 2020-03-21 17:35:04.000000000 +0000 setup-x86_64.exe -rw-r--r--+ 1 661 2020-03-21 17:35:25.000000000 +0000 setup-x86_64.exe.sig $ TZ=UTC sha256sum setup-x86{_64,}.exe{.sig,} 9e99b618cf6cf0e7a6efac9bff2028acebdb44fd552407e4cb7839f0867b035e *setup-x86_64.exe.sig 2431de4597a2162f3e1d60af90f638b41677265b07cc66fcb0231fdde452c841 *setup-x86_64.exe c7b45a34a0ef18b409a385c7157fd7bb68a799148c212bab74037e0438f5addb *setup-x86.exe.sig d218a41a45fcec581affd0e1ccc66011aa06a3a9b299576104546074e8480064 *setup-x86.exe $ TZ=UTC gpg2 --verify setup-x86_64.exe{.sig,} gpg: Signature made 2020 Mar 21 Sat 17:35:25 UTC gpg: using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full] gpg: Signature made 2020 Mar 21 Sat 17:35:25 UTC gpg: using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300 gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full] $ TZ=UTC gpg2 --verify setup-x86.exe{.sig,} gpg: Signature made 2020 Mar 21 Sat 17:29:04 UTC gpg: using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full] gpg: Signature made 2020 Mar 21 Sat 17:29:04 UTC gpg: using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300 gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full] Same files from a month ago with same digests and signatures. Many have downloaded and used it in that timeframe for dozens of package installs and upgrades with no issues or reports before yours. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
