From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-213025-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 19967 invoked by alias); 30 Jun 2018 16:09:32 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 19944 invoked by uid 89); 30 Jun 2018 16:09:32 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,KAM_COUK,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy=PDF, UD:co.uk, unsolicited, Hx-languages-length:790
X-HELO: smtp-out-1.tiscali.co.uk
Received: from smtp-out-1.tiscali.co.uk (HELO smtp-out-1.tiscali.co.uk) (62.24.135.129) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sat, 30 Jun 2018 16:09:30 +0000
Received: from [10.7.7.32] ([88.150.206.166])	by smtp.talktalk.net with SMTP	id ZIR7fsDk3CIQHZIRDfdeFI; Sat, 30 Jun 2018 17:09:28 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tiscali.co.uk;	s=1605; t=1530374968;	bh=UIaVpjb23nkVwAjGjWAZ4U5ro9UxSPn9KYC9E6C0JtE=;	h=Subject:To:References:From:Date:In-Reply-To;	b=jVUVCgUU2RUogml6kMqeOeugjkagfD47ecT7ZRWQmBZfpS7EfSZpMkr3d3AhP/9gE	 vxe5nS7r22UNdvl7GsgGNqxGMgsaGrdiGcUNmPq4HKOocqND6WxDC+ttSEgFw33W9X	 5WDY9i85/Lq0S1M1VS3OBYjOZMIEPuU/00z8R25k=
Subject: Re: cygwin Digest 25 Jun 2018 00:46:06 -0000 Issue 10882 - virus alert
To: cygwin@cygwin.com
References: <d474d3c7-1b31-f290-5f57-693635c9aef9@familywatt.co.uk>
From: David Stacey <drstacey@tiscali.co.uk>
Message-ID: <2a0f4eac-9a37-0196-d072-4f5483557862@tiscali.co.uk>
Date: Sat, 30 Jun 2018 19:10:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <d474d3c7-1b31-f290-5f57-693635c9aef9@familywatt.co.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
X-SW-Source: 2018-06/txt/msg00325.txt.bz2

On 30/06/18 13:19, Richard Watt wrote:
> Did anyone else get a virus warning from the cygwin Digest 25 Jun 2018
> 00:46:06 -0000 Issue 10882?

It's an unsolicited invoice from someone you've never heard of. Of 
course it's malware :-)

It's an attachment to this post [1], compressed with gzip. The 
compressed version passes through VirusTotal cleanly. If you unpack the 
file, though, you discover that it isn't a PDF at all (surprise, 
surprise) but a .NET executable. And quite a few anti-virus tools flag 
it as something unpleasant [2].

Dave.

[1] - https://cygwin.com/ml/cygwin/2018-06/msg00264.html
[2] - 
https://www.virustotal.com/#/file/06c5c0701c5702dbe126ca2918e3ffdec8337f2a98b80939fdd0518e44fbffa6/detection


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple