Fixed (Heuristics): GNU sync (coreutils) tagged heuristically as IRCbot.wln

C

CarolinaCalling

New member
A moment ago I got this:

8/9/2012 09:20:40 (EDT) Encountered and terminated IRCBot.wln in C:\cygwin\bin\sync.exe!

This file is the sync command from GNU (coreutils) and is used by Cygwin as such. I verified that the executable had not been modified from that in the Cygwin coreutils-8.15.1-1.tar.bz distribution. (I extracted it again and compared the two executables.) The MD5 checksum of the archive was also correct.

How exactly does the heuristic conclude that this is IRCbot.wln?
 
Additionally, I received the following:

8/9/2012 14:16:50 (EDT) Encountered and terminated IRCBot.wln in C:\cygwin\bin\hostname.exe!

This is also from GNU Coreutils. It too checks out when compared to the archive.
 
Thank you for reporting this false positive.
The next detection update scheduled for Wednesday 2012-08-15 will fix this issue.
 
You must log in or register to reply here.
Back
Top