Re: cygwin Digest 25 Jun 2018 00:46:06 -0000 Issue 10882 - virus alert

Re: cygwin Digest 25 Jun 2018 00:46:06 -0000 Issue 10882 - virus alert

[Richard Watt]

Hi,

Did anyone else get a virus warning from the cygwin Digest 25 Jun 2018
00:46:06 -0000 Issue 10882?

I'm using avast! antivirus on Windows 7 SP1 64-bit and it flagged up
detecting a "Win32:Malware-gen" threat, but a Google Search reveals a
MalwareBytes forum thread saying that this is a false positive (and
there's nothing quarantined) either.

Best regards,
--
Richard Watt


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin Digest 25 Jun 2018 00:46:06 -0000 Issue 10882 - virus alert

[David Stacey]

On 30/06/18 13:19, Richard Watt wrote:
> Did anyone else get a virus warning from the cygwin Digest 25 Jun 2018
> 00:46:06 -0000 Issue 10882?

It's an unsolicited invoice from someone you've never heard of. Of 
course it's malware :-)

It's an attachment to this post [1], compressed with gzip. The 
compressed version passes through VirusTotal cleanly. If you unpack the 
file, though, you discover that it isn't a PDF at all (surprise, 
surprise) but a .NET executable. And quite a few anti-virus tools flag 
it as something unpleasant [2].

Dave.

[1] - https://cygwin.com/ml/cygwin/2018-06/msg00264.html
[2] - 
https://www.virustotal.com/#/file/06c5c0701c5702dbe126ca2918e3ffdec8337f2a98b80939fdd0518e44fbffa6/detection


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: cygwin Digest 25 Jun 2018 00:46:06 -0000 Issue 10882 - virus alert

[Brian Inglis]

On 2018-06-30 10:09, David Stacey wrote:
> On 30/06/18 13:19, Richard Watt wrote:
>> Did anyone else get a virus warning from the cygwin Digest 25 Jun 2018
>> 00:46:06 -0000 Issue 10882?
> It's an unsolicited invoice from someone you've never heard of. Of course it's
> malware :-)
> It's an attachment to this post [1], compressed with gzip. The compressed
> version passes through VirusTotal cleanly. If you unpack the file, though, you
> discover that it isn't a PDF at all (surprise, surprise) but a .NET executable.
> And quite a few anti-virus tools flag it as something unpleasant [2].

I get sourceware ezmlm bounce warnings, when my domain mail forwarder bounces
mail with malware, and I don't see most of the spam, as my personal ISP account
filter is configured to dump spam instead of flagging it.
I don't see a few announce posts, as some appear to get dumped by my ISP as
spam, and my mail client puts some other posts into my Junk folder.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple