Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4

[Micah Cowan]

Hi Andrew.

I no longer have much involvement with Wget, other than in discussions. I'm
copying the Wget mailing list in my reply.

To my knowledge, there are no "officially" builds of Wget for Windows (the
developers only provide the source code releases), and neither of the links
you mention are "my" website. I suppose at least one of them must have
mentioned me as the maintainer of Wget (which was true for 1.11.x and
1.12.x), but I have nothing to do with either site.

Virus scanners produce false positives sometimes, but in general I'd be
suspicious of any Wget executable that fails a virus scan... on the other
hand, it'd certainly be more useful if the virus scanning site gave more
detailed information than the messages you copied.

The "Wget Wgiki" lists a few locations for downloading Windows binaries:
http://wget.addictivecode.org/FrequentlyAskedQuestions#download
But one of them is a site you mentioned as potentially having virus-laden
executables. I can't confirm whether that's the case or not. In any event,
1.11.x is a fairly old version, and I know people have been testing Windows
builds for more recent versions, such as 1.14 (the current release).
Perhaps someone on the list can direct you to more recent builds.

As to trustworthiness, you'll probably have to rely on word of mouth and/or
more specific virus scanner results, as we only release and sign sources. I
would expect, though, that different builds on different sites would have
different MD5 sums. And the fact that two different wget builds were
considered "malware" makes me suspect the virus scanner roughly as much as
the builds. The safest route of course is to grab the maintainer-signed
sources and build yourself, but of course that requires some effort. If you
can find a useful binary package from MinGW, I'd expect that to be
relatively trustworthy (especially if they sign those, which I don't know).

Hope that helps!
-mjc



On Thu, Aug 8, 2013 at 12:21 AM, Andrew McGlashan <
address@hidden> wrote:

> Hi,
>
> I had previously downloaded 1.11.4 of wget.exe and have been using it on
> a number of machines, recently I downloaded a /fresh/ copy and found it
> had a different file size.
>
> These are the files I have:
>
> 23/10/2008  09:40 PM           403,968 wget-1-11-4--wrong-md5sum.exe
> 26/04/2009  01:03 AM           401,408 wget-1-11-4.exe
>
> And these are the md5 checksums
>
> D:\bin>md5sum wget-1-11-4--wrong-md5sum.exe wget-1-11-4.exe
> c639f0fc0cbee97148c79d9d9e31fff3 *wget-1-11-4--wrong-md5sum.exe
> bd126a7b59d5d1f97ba89a3e71425731 *wget-1-11-4.exe
>
>
> These links show both versions as having ONE detection of virus:
>
>   http://md5.virscan.org/c639f0fc0cbee97148c79d9d9e31fff3
>         Scanner results :   3% Scanner(s) (1/39) found malware!
>                    Time :   2008/10/27 01:55:21 (EST)
>
>   http://md5.virscan.org/bd126a7b59d5d1f97ba89a3e71425731
>         Scanner results :   3% Scanner(s) (1/37) found malware!
>                    Time :   2011/09/14 15:22:01 (EST)
>
> Can you please let me know if either executable has any issue and also,
> if possible,  how I might have gotten two distinct versions of the same
> file (most likely from the same known location, but at different times
> ... your site as below) :
>
>   http://users.ugent.be/~bpuype/wget/
>
>
> The site below has the same file as your site (above).
>
>   http://mc-crew.org/wget-for-windows-win32-current-version-1-11-4
>
> Going to this other site gives warnings from WOT (web of trust) add-on
> with Firefox, but the downloaded file is exactly the same as you are
> currently offering.
>
> Here is the WOT rating link for the other site:
>
>
> https://www.mywot.com/en/scorecard/mc-crew.org?utm_source=addon&utm_content=rw-viewsc
>
>
> Am I safe with my current download which has the md5 checksum of:
>         bd126a7b59d5d1f97ba89a3e71425731
>
>
> Thank you.
>
> --
> Kind Regards
> AndrewM
>
> Andrew McGlashan
> Broadband Solutions now including VoIP
>
> Current Land Line No: 03 9012 2102
> Mobile: 04 2574 1827 Fax: 03 9012 2178
>
> National No: 1300 85 3804
>
> Affinity Vision Australia Pty Ltd
> http://affinityvision.com.au
> http://securemywireless.com.au
> http://adsl2choice.net.au
>
> In Case of Emergency --  http://affinityvision.com.au/ice.html
>