Mail Archives: cygwin/2016/06/09/13:49:39

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,KAM_COUK,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 spammy=fairness, Sourceware, UD:O, virus
X-HELO: smtp-out-5.tiscali.co.uk
Subject: Re: malware
To: cygwin AT cygwin DOT com
References: <0D835E9B9CD07F40A48423F80D3B5A7039D920C3 AT USA7109MB022 DOT na DOT xerox DOT net> <3227b657-3712-966a-45ed-2bdd0d96d7c3 AT gmail DOT com> <CAKepmajx8LtDyYun-++CPaSuUMZsEQMKe=P2=JSgZwv36HvmOg AT mail DOT gmail DOT com> <CAKepmai4bt1L_t+YKADFv0wX=MeNUM_D5h0iTCWFRqw=hzc5Qw AT mail DOT gmail DOT com> <c8b4fa97-b7ed-c071-da55-e7246e1a0316 AT gmail DOT com> <20160609161421 DOT GA15058 AT calimero DOT vinschen DOT de>
From: David Stacey <drstacey AT tiscali DOT co DOT uk>
Message-ID: <d5500adf-36c1-50a9-b4b4-af66dec8ede7@tiscali.co.uk>
Date: Thu, 9 Jun 2016 18:49:09 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <20160609161421.GA15058@calimero.vinschen.de>
X-IsSubscribed: yes

On 09/06/16 17:14, Corinna Vinschen wrote:
> On Jun  9 18:02, Marco Atzeri wrote:
>> On 09/06/2016 17:52, Jack Adrian Zappa wrote:
>>> Are you referring to the 83.dotm file?  Looks highly suspicious.  o.O
>>>
>> It is clearly spam or worse.
>>
>> But some of them will always pass whatever filter the cygwin mail
>> server is implementing.
>> Some of them are reaching any mailbox also company's one.
> I can only agree with Marco.  Sourceware is running an aggressive spam
> assassin and what not which gets constantly upgraded and fed with known
> spam regularly to hone the filters.  However, there's *no* way it will
> always catch all spam or virus or worm.  If so, it would probably also
> catch lots of legit mails.


In fairness to the Sourceware mail filter, VirusTotal isn't decided on 
whether the file is malevolent or not [1]. At present, all of the major 
commercial AV tools pass it as clean. If it turns out to be something 
unpleasant then we should request the postmaster delete the mail from 
the archives.

Dave.

[1] - https://www.virustotal.com/en/file/f2611880cfe199ef43f9de6d4b54c2fae06164a5ec2d321db086cab324954c6d/analysis/


  Copyright © 2019   by DJ Delorie     Updated Jul 2019