Subject: Re: malware
To: cygwin@cygwin.com
From: David Stacey <drstacey@tiscali.co.uk>
Message-ID: <d5500adf-36c1-50a9-b4b4-af66dec8ede7@tiscali.co.uk>
Date: Thu, 9 Jun 2016 18:49:09 +0100

On 09/06/16 17:14, Corinna Vinschen wrote:
> On Jun  9 18:02, Marco Atzeri wrote:
>> On 09/06/2016 17:52, Jack Adrian Zappa wrote:
>>> Are you referring to the 83.dotm file?  Looks highly suspicious.  o.O
>>>
>> It is clearly spam or worse.
>>
>> But some of them will always pass whatever filter the cygwin mail
>> server is implementing.
>> Some of them are reaching any mailbox, company ones too.
> I can only agree with Marco.  Sourceware is running an aggressive spam
> assassin and what not which gets constantly upgraded and fed with known
> spam regularly to hone the filters.  However, there's *no* way it will
> always catch all spam or virus or worm.  If so, it would probably also
> catch lots of legit mails.


In fairness to the Sourceware mail filter, VirusTotal isn't decided on 
whether the file is malevolent or not [1]. At present, all of the major 
commercial AV tools pass it as clean. If it turns out to be something 
unpleasant then we should request the postmaster delete the mail from 
the archives.

Dave.

[1] - https://www.virustotal.com/en/file/f2611880cfe199ef43f9de6d4b54c2fae06164a5ec2d321db086cab324954c6d/analysis/



