X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=dMXeGODtU/Se8erb
	lHBlkv7/QZmwjuDEvn0iyUKwBZeM4dV7+vqU82Uk3Cr8cXSwPFqktujil3M+j2Jl
	HWllM+lNo94Zr8tv+xH9Nr4pDDRj8ON9yVwaLRrr/WIGKnh7mo/JbmehUym72YFj
	JOrsFXLWDxxkxK1cPtwWWsuZYzc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=WmA+H0s1QDLStuzCUv+H9a
	5dxFs=; b=oNyU4Dzjt93pe+WMErtV4oprivWSvKXD92tmnGEJ4bn3TQwAIKjYdl
	e8j4fH5umnJGcl/6lkAof3rERlOSHE3Q2rqXub/RF0WW3pdUfBA5/Mcqlzpe+zuX
	J9IxKo9QU4Ze7zOAcSUNfpuwV4XSSJ6ZeiJ8XHCVb7Z9R5OlNiSpY=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=bounces, calgary, Alberta, inglis
X-HELO: smtp-out-so.shaw.ca
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject: Re: cygwin Digest 25 Jun 2018 00:46:06 -0000 Issue 10882 - virus alert
To: cygwin AT cygwin DOT com
References: <d474d3c7-1b31-f290-5f57-693635c9aef9 AT familywatt DOT co DOT uk> <2a0f4eac-9a37-0196-d072-4f5483557862 AT tiscali DOT co DOT uk>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Openpgp: preference=signencrypt
Message-ID: <c92c9d93-8504-ab68-83d0-0a45ba53a872@SystematicSw.ab.ca>
Date: Sat, 30 Jun 2018 11:14:04 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <2a0f4eac-9a37-0196-d072-4f5483557862@tiscali.co.uk>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 2018-06-30 10:09, David Stacey wrote:
> On 30/06/18 13:19, Richard Watt wrote:
>> Did anyone else get a virus warning from the cygwin Digest 25 Jun 2018
>> 00:46:06 -0000 Issue 10882?
> It's an unsolicited invoice from someone you've never heard of. Of course it's
> malware :-)
> It's an attachment to this post [1], compressed with gzip. The compressed
> version passes through VirusTotal cleanly. If you unpack the file, though, you
> discover that it isn't a PDF at all (surprise, surprise) but a .NET executable.
> And quite a few anti-virus tools flag it as something unpleasant [2].

I get sourceware ezmlm bounce warnings, when my domain mail forwarder bounces
mail with malware, and I don't see most of the spam, as my personal ISP account
filter is configured to dump spam instead of flagging it.
I don't see a few announce posts, as some appear to get dumped by my ISP as
spam, and my mail client puts some other posts into my Junk folder.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple