Subject: Re: malware
To: cygwin@cygwin.com
From: David Stacey
Date: Thu, 09 Jun 2016 17:49:00 -0000

On 09/06/16 17:14, Corinna Vinschen wrote:
> On Jun 9 18:02, Marco Atzeri wrote:
>> On 09/06/2016 17:52, Jack Adrian Zappa wrote:
>>> Are you referring to the 83.dotm file? Looks highly suspicious. o.O
>>>
>> It is clearly spam or worse.
>>
>> But some of them will always pass whatever filter the cygwin mail
>> server is implementing.
>> Some of them are reaching any mailbox also company's one.
> I can only agree with Marco. Sourceware is running an aggressive spam
> assassin and what not which gets constantly upgraded and fed with known
> spam regularly to hone the filters. However, there's *no* way it will
> always catch all spam or virus or worm. If so, it would probably also
> catch lots of legit mails.

In fairness to the Sourceware mail filter, VirusTotal isn't decided on whether the file is malevolent or not [1]. At present, all of the major commercial AV tools pass it as clean. If it turns out to be something unpleasant then we should request the postmaster delete the mail from the archives.

Dave.

[1] - https://www.virustotal.com/en/file/f2611880cfe199ef43f9de6d4b54c2fae06164a5ec2d321db086cab324954c6d/analysis/

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple