Subject: Re: malware
To: cygwin AT cygwin DOT com
From: David Stacey
Date: Thu, 9 Jun 2016 18:49:09 +0100

On 09/06/16 17:14, Corinna Vinschen wrote:
> On Jun 9 18:02, Marco Atzeri wrote:
>> On 09/06/2016 17:52, Jack Adrian Zappa wrote:
>>> Are you referring to the 83.dotm file? Looks highly suspicious. o.O
>>>
>> It is clearly spam or worse.
>>
>> But some of them will always pass whatever filter the cygwin mail
>> server is implementing.
>> Some of them are reaching any mailbox also company's one.
> I can only agree with Marco. Sourceware is running an aggressive spam
> assassin and what not which gets constantly upgraded and fed with known
> spam regularly to hone the filters. However, there's *no* way it will
> always catch all spam or virus or worm. If so, it would probably also
> catch lots of legit mails.

In fairness to the Sourceware mail filter, VirusTotal isn't decided on
whether the file is malevolent or not [1]. At present, all of the major
commercial AV tools pass it as clean. If it turns out to be something
unpleasant then we should request the postmaster delete the mail from
the archives.

Dave.

[1] - https://www.virustotal.com/en/file/f2611880cfe199ef43f9de6d4b54c2fae06164a5ec2d321db086cab324954c6d/analysis/