Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus

["Adam D. Barratt" <adam () adam-barratt org uk>]

[full quote for listmaster@]

If you want an answer from those who deal with lists, you have to ask 
them. debian-legal@ is just another mailing list.

On 2016-03-03 8:44, Georgi Guninski wrote:
> According to www.virustotal.com, lists.debian.org
> are hosting attachment .DOC virus.
>
> Would someone confirm or deny this?
>
> Warning:  DO NOT OPEN THE .DOC!
> Discalimer: Nothing personal against Debian
>
> https://lists.debian.org/debian-consultants/2016/01/msg00000.html
> links to:
>
> https://lists.debian.org/debian-consultants/2016/01/docyrW4BlUhzH.doc
>
> Submitting the last .doc URL at:
> https://www.virustotal.com
> and then going to:
> Go to downloaded file analysis
> gives:
> https://www.virustotal.com/en/file/c7210dc26e00a0d9f9bf8fb3b4850d52b62bb5836a7fa34bb669fc1b1553005e/analysis/1456991242/
>
> SHA256: 
> 	c7210dc26e00a0d9f9bf8fb3b4850d52b62bb5836a7fa34bb669fc1b1553005e
> File name:      docyrW4BlUhzH.doc
> Detection ratio:        17 / 54
>
> the first few results are:
> AVG     W97M/Downloader         20160303
> AVware  Trojan-Downloader.O97M.Adnel.n (v)      20160303
> AegisLab        W97M.Gen!c      20160303
> Arcabit         HEUR.VBA.Trojan.e       20160303
> Avast   VBA:Downloader-ABC [Trj]        20160303
> ESET-NOD32      VBA/TrojanDownloader.Agent.AOM  20160303
>
> and some report it as clean.
>
> The .doc is downloadable with the same checksum.