From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 126890 invoked by alias); 10 Jun 2016 03:03:45 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 126858 invoked by uid 89); 10 Jun 2016 03:03:44 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=H*r:8.14.3, H*F:D*com.au, Junk, H*MI:sk:d5500ad X-HELO: mail12.chariot.com.au Received: from mail12.chariot.com.au (HELO mail12.chariot.com.au) (220.244.226.82) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-SHA encrypted) ESMTPS; Fri, 10 Jun 2016 03:03:35 +0000 X-TPG-Junk-Checked: Yes X-TPG-Junk-Status: Message not scanned because user authenticated using SMTP AUTH X-TPG-Abuse: host=115-64-186-239.tpgi.com.au; ip=115.64.186.239; date=Fri, 10 Jun 2016 13:03:30 +1000; auth=4S7opPLCSxE/DW/A69qh0CgGp2IG7MxmiWxTU9nYdW8= Received: from [192.168.0.11] (115-64-186-239.tpgi.com.au [115.64.186.239]) (authenticated bits=0) by mail12.chariot.com.au (envelope-from mcf@cobweb.com.au) (8.14.3/8.14.3) with ESMTP id u5A33SSR020792 for ; Fri, 10 Jun 2016 13:03:30 +1000 Subject: Re: malware To: cygwin@cygwin.com References: <0D835E9B9CD07F40A48423F80D3B5A7039D920C3@USA7109MB022.na.xerox.net> <3227b657-3712-966a-45ed-2bdd0d96d7c3@gmail.com> <20160609161421.GA15058@calimero.vinschen.de> From: Mike Fahlbusch Message-ID: <39326e01-31a6-c048-4530-1290b9102e83@cobweb.com.au> Date: Fri, 10 Jun 2016 04:18:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2016-06/txt/msg00152.txt.bz2 Hi Cygwinners, On 10/06/2016 3:19 AM, David Stacey wrote: > On 09/06/16 17:14, Corinna Vinschen wrote: >> On Jun 9 18:02, Marco Atzeri wrote: >>> On 09/06/2016 17:52, Jack Adrian Zappa wrote: >>>> Are you referring to the 83.dotm file? Looks highly suspicious. o.O >>>> >>> It is clearly spam or worse. >>> >>> But some of them will always pass whatever filter the cygwin mail >>> server is implementing. >>> Some of them are reaching any mailbox also company's one. >> I can only agree with Marco. Sourceware is running an agressive spam >> assassin and what not which gets constantly upgraded and fed with known >> spam regulary to hone the filters. However, there's*no* way it will >> always catch all spam or virus or worm. If so, it would probably also >> catch lots of legit mails. > > > In fairness to the Sourceware mail filter, VirusTotal isn't decided on > whether the file is malevolent or not [1]. At present, all of the major > commercial AV tools pass it as clean. If it turns out to be something > unpleasant then we should request the postmaster delete the mail from > the archives. The more people click on the Junk button, the better! -- Regards, Mike -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple