Re: Viruses being transported with Cygwin messages
Schaible, Jörg [EMAIL PROTECTED] wrote around 14 Oct 2002 [EMAIL PROTECTED]:">news:[EMAIL PROTECTED]: Even more interesting: I have different mail addresses for the Cygwin list, depending wether I am at the office or at home. My home address is registered by gmane.org and I received that faked email at home! So I assume, someone is grabbing addresses from there ... This is OT but important enough to mention once at least. You say you are using Gmane at home. Are you *posting* to this List from Gmane, and if so are you using 'Archive: encrypt' as a custom header in your newsreader settings? If not you may be leaving yourself open to spamming and address harvesting. Pls go to Gmane and read FAQs about how to practice safe Gmane'ing. HTH, Soren A -- Just say NO to YAHAAPs! (http://groups.google.com/groups?selm= Xns92991EB1F396ngrATT586ID%40204.127.36.1) -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: Re: Viruses being transported with Cygwin messages
Hello, Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Like spam, most common email viruses forge the 'from' address. I am seeing a few of these too, but, as Chris said, they aren't coming through the Cygwin server. just as a side note. I got also yesterday a Virus from Robert Collins, but this time the email address was [EMAIL PROTECTED] g. I don't assume Rober is working for this company. Even more interesting: I have different mail addresses for the Cygwin list, depending wether I am at the office or at home. My home address is registered by gmane.org and I received that faked email at home! So I assume, someone is grabbing addresses from there ... Regards, Jörg -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with cygwin messages
On Sun, 13 Oct 2002 21:36:02 -0400, Gregg C Levine [EMAIL PROTECTED] wrote: Hello from Gregg C Levine Okay. I'll agree with you on that notion, Christopher. No real arguement there. Now as to about those messages? Are those actual messages? I'm inclined to think not. Nope. Two arrived here. The original messages are in the archives... http://sources.redhat.com/ml/cygwin/2002-08/msg00071.html http://sources.redhat.com/ml/cygwin/2002-02/msg00636.html ...whereas the new arrivals have truncated html-ized text and what looks like Bugbear - identical 50.6k (?upx compressed?) binaries: connexionscard-pass.txt.scr james_simmons_1.jpg.scr Neither has any connection with their original poster. -- [EMAIL PROTECTED] -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: Viruses being transported with Cygwin messages
Robert, It's probably not your system that is infected -- Bugbear, like KLEZ, uses addresses harvested from the infected system in spoofed From headers. The only way I've been able to guess at the real identity for bugbear-infected mail that I've received (from friends/family) is to search through my mailbox for the first Received header's domain, and from that, look for a common association with the name in the from line. On a mailing list, that wouldn't work very well. Warm regards, Chris -Original Message- From: Gregg C Levine [mailto:[EMAIL PROTECTED]] Sent: Sunday, October 13, 2002 8:38 PM To: Robert Collins Cc: [EMAIL PROTECTED] Subject: Re: Viruses being transported with Cygwin messages Hello from Gregg C Levine Gladly, if I can find it. It's a message in ugly HTML format, and it arrived at my other address. Gregg C Levine [EMAIL PROTECTED] Oh my! The Second Doctor's nearly favorite phrase. - Original Message - From: Robert Collins [EMAIL PROTECTED] To: Gregg C Levine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 4:36 PM Subject: Re: Viruses being transported with Cygwin messages On Mon, 2002-10-14 at 05:04, Gregg C Levine wrote: Hello from Gregg C Levine Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Can you point me at the message with the virus? And the virus? I email from UNIX, so am *very* surprised at this. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: Viruses being transported with cygwin messages
Tim Prince wrote: Earthlink gave me immediate automatic acknowledgment that these were viruses originated by one of their customers. Sorry for the extra noise, but in case anyone's trying to track down the sources, I also got a message claiming to be from Christopher Faylor (though with the wrong address). It also went through Earthlink, as the headers show: === Return-Path: [EMAIL PROTECTED] Received: from [internal addresses] Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by [internal address] with ESMTP id g9DHPru13432 for [EMAIL PROTECTED]; Sun, 13 Oct 2002 13:25:53 -0400 (EDT) Received: from pool0355.cvx40-bradley.dialup.earthlink.net ([216.244.43.100] helo=HUNG) by falcon.mail.pas.earthlink.net with smtp (Exim 3.33 #1) id 180mXM-0004o6-00; Sun, 13 Oct 2002 10:28:21 -0700 From: Christopher Faylor [EMAIL PROTECTED] Subject: Re: bash 2.05a command completion spec bug MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--4MNKIZZFJFEJXQK Message-Id: [EMAIL PROTECTED] Bcc: Date: Sun, 13 Oct 2002 10:28:21 -0700 Content-Length: 69055 === Here was the entire message (my company server apparently nabbed the actual virus on the way in, but I'm updating my antivirus just in case...): === On Tue, Feb 12, 2002 at 09:29:28AM -0500, Jason Tishler wrote: Command completion specs causes bash 2.05a specifically *and* Cygwin in general to behave poorly. By poo === -Jerry Williams -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with cygwin messages
On Sun, Oct 13, 2002 at 03:04:21PM -0400, Gregg C Levine wrote: Folks, don't roar at me, but I am seeing a number of messages arrive here, Actually, I doubt that you are actually seeing them arrive here. You're probably receiving random messages from some infected machine which is putting a cygwin at cygwin dot com in the header but isn't really coming from cygwin dot com. If you can actually find a virus infected message in the archives, then please post a url here. Otherwise, you're most likely just experiencing the standard behavior of a virus which is sending out email from an infected machine. I did receive a few messages from someone in the earthlink domain and think I managed to figure out that person's identity. But they were sending individual email to individual people not to the cygwin mailing list, AFAICT. -- Please do not send me personal email with cygwin questions. Use the resources at http://cygwin.com/ . -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with Cygwin messages
On Mon, 2002-10-14 at 05:04, Gregg C Levine wrote: Hello from Gregg C Levine Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Can you point me at the message with the virus? And the virus? I email from UNIX, so am *very* surprised at this. Rob -- --- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. --- signature.asc Description: This is a digitally signed message part
Re: Viruses being transported with Cygwin messages
On 14 Oct 2002 06:36:02 +1000 Robert Collins [EMAIL PROTECTED] wrote: On Mon, 2002-10-14 at 05:04, Gregg C Levine wrote: Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Can you point me at the message with the virus? And the virus? I email from UNIX, so am *very* surprised at this. Like spam, most common email viruses forge the 'from' address. I am seeing a few of these too, but, as Chris said, they aren't coming through the Cygwin server. -- Mac :}) Give a hobbit a fish and he eats fish for a day. Give a hobbit a ring and he eats fish for an age. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with Cygwin messages
- Original Message - From: Joshua Elson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, 13 October, 2002 16:17 Subject: Re: Viruses being transported with Cygwin messages Hmm, more on the virus emails. I received the below message with the file james_simmons_1.jpg.scr attached, which I presume is the virus. And I'm not a current subscriber to Cygwin, but have been in the past and have posted to the list. BCNU//jle Return-Path: [EMAIL PROTECTED] Received: from spf5.us4.outblaze.com ([205.158.62.27]) by rwcrgwc52.attbi.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Sun, 13 Oct 2002 17:51:56 + Received: from swan.mail.pas.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123]) by spf5.us4.outblaze.com (8.12.6/8.12.6) with ESMTP id g9DHptlG070422; Sun, 13 Oct 2002 17:51:56 GMT Received: from pool0355.cvx40-bradley.dialup.earthlink.net ([216.244.43.100] helo=HUNG) by swan.mail.pas.earthlink.net with smtp (Exim 3.33 #1) id 180miV-00060t-00; Sun, 13 Oct 2002 10:39:51 -0700 From: Dylan Cuthbert [EMAIL PROTECTED] Subject: Re: RCS 5.7 (?) + setup.exe advice MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=--6AD01SLPQS9HSN Message-Id: [EMAIL PROTECTED] Bcc: Date: Sun, 13 Oct 2002 10:39:51 -0700 - Original Message - From: Dylan Cuthbert [EMAIL PROTECTED] Sent: Sunday, 13 October, 2002 12:39 Subject: Re: RCS 5.7 (?) + setup.exe advice Ah, I get it now, I had a full installation of an older version of cygwin and of course when I ran the setup program to update it -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with Cygwin messages
Hi, I might help to know this is the W32.Bugbear@mm worm. It has been spreading a lot lately. In today's batch I received 3 copies under different names (supposedly from Christopher Faylor, Gareth Pearce and Elfyn McBratney), each with different contents and different attachment names. Here's what Symantec has to say about this worm: http:[EMAIL PROTECTED] Randall Schulz Mountain View, CA USA At 14:25 2002-10-13, Michael A Chase wrote: On 14 Oct 2002 06:36:02 +1000 Robert Collins [EMAIL PROTECTED] wrote: On Mon, 2002-10-14 at 05:04, Gregg C Levine wrote: Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Can you point me at the message with the virus? And the virus? I email from UNIX, so am *very* surprised at this. Like spam, most common email viruses forge the 'from' address. I am seeing a few of these too, but, as Chris said, they aren't coming through the Cygwin server. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with Cygwin messages
I for one would like to know how that happend. If its from hotmail then fare do's, sorry. If it was from [EMAIL PROTECTED] thats impossible because all I can send through my mailgate is .txt or tars/gz's files...even then all archives are extracted/scanned. What month??? Elfyn - Original Message - From: Randall R Schulz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 11:03 PM Subject: Re: Viruses being transported with Cygwin messages Hi, I might help to know this is the W32.Bugbear@mm worm. It has been spreading a lot lately. In today's batch I received 3 copies under different names (supposedly from Christopher Faylor, Gareth Pearce and Elfyn McBratney), each with different contents and different attachment names. Here's what Symantec has to say about this worm: http:[EMAIL PROTECTED] Randall Schulz Mountain View, CA USA At 14:25 2002-10-13, Michael A Chase wrote: On 14 Oct 2002 06:36:02 +1000 Robert Collins [EMAIL PROTECTED] wrote: On Mon, 2002-10-14 at 05:04, Gregg C Levine wrote: Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Can you point me at the message with the virus? And the virus? I email from UNIX, so am *very* surprised at this. Like spam, most common email viruses forge the 'from' address. I am seeing a few of these too, but, as Chris said, they aren't coming through the Cygwin server. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with Cygwin messages
Elfyn, Let me be clear that I'm not accusing you (or Gareth or Chris F.) of anything here. As others have pointed out, these worms are clever about coming up with addresses both for the apparent From: address and the next ply of intended victim recipients. Here are the routing headers from the message _ostensibly_ from you: Return-Path: [EMAIL PROTECTED] Received: from mail18.svr.pol.co.uk (mail18.svr.pol.co.uk [195.92.67.23]) by morse.concentric.net [Concentric SMTP MX 1.0] id g9DJ7ih10880; Sun, 13 Oct 2002 15:07:44 -0400 (EDT) [1-800-745-2747 The Concentric Network] Errors-To: [EMAIL PROTECTED] Received: from modem-2289.chimpanzee.dialup.pol.co.uk ([217.134.120.241] helo=mcb-home) by mail18.svr.pol.co.uk with smtp (Exim 3.35 #1) id 180nmm-0007hQ-00; Sun, 13 Oct 2002 19:48:20 +0100 From: Elfyn McBratney [EMAIL PROTECTED] As you can see, although it claims (suggests? From: headers are distinctly non-authoritative) you're at UT Austin, the message itself did not originate or traverse any servers there. Nor does Hotmail appear in the SMTP server-supplied forwarding header. (Concentric is my ISP.) As I understand these worms, they use other user's address books (are they called Contact Lists in Outlook and Outlook Express?) to come up with both fraudulent From: addresses and recipients. Win32.Bugbear@mm uses registry data to propagate, too. Randall Schulz Mountain View, CA USA Here's the full text of the message I receive (attachment graciously elided--in fact, I delete them as soon as I confirm my hunch that they're worms): -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- Return-Path: [EMAIL PROTECTED] Received: from mail18.svr.pol.co.uk (mail18.svr.pol.co.uk [195.92.67.23]) by morse.concentric.net [Concentric SMTP MX 1.0] id g9DJ7ih10880; Sun, 13 Oct 2002 15:07:44 -0400 (EDT) [1-800-745-2747 The Concentric Network] Errors-To: [EMAIL PROTECTED] Received: from modem-2289.chimpanzee.dialup.pol.co.uk ([217.134.120.241] helo=mcb-home) by mail18.svr.pol.co.uk with smtp (Exim 3.35 #1) id 180nmm-0007hQ-00; Sun, 13 Oct 2002 19:48:20 +0100 From: Elfyn McBratney [EMAIL PROTECTED] Subject: Re: Need your Mac OS 8 support plan... MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--ISQROT15KBZQSTO Message-Id: [EMAIL PROTECTED] Bcc: Date: Sun, 13 Oct 2002 19:48:20 +0100 Content-Type: text/html; That is really not fare :( Do you know when we'll get a time-indexed beta-sp ??? - Original Message - From: Michael Aumeerally To: Sent: Sunday, August 25, 2002 9:52 PM Subject: Re: Need your Mac OS 8 support plan... Just wanted to beg you to bring in Mac OS 8 if your on your travels towards the office :)... I may come in Wednesday evening, depending on how the week unfolds... file://D:\Attachments\connexionscard-pass.txt.scr[] connexionscard-pass.txt.scr -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- At 16:33 2002-10-13, Elfyn McBratney wrote: I for one would like to know how that happend. If its from hotmail then fare do's, sorry. If it was from [EMAIL PROTECTED] thats impossible because all I can send through my mailgate is .txt or tars/gz's files...even then all archives are extracted/scanned. What month??? Elfyn - Original Message - From: Randall R Schulz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 11:03 PM Subject: Re: Viruses being transported with Cygwin messages Hi, I might help to know this is the W32.Bugbear@mm worm. It has been spreading a lot lately. In today's batch I received 3 copies under different names (supposedly from Christopher Faylor, Gareth Pearce and Elfyn McBratney), each with different contents and different attachment names. Here's what Symantec has to say about this worm: http:[EMAIL PROTECTED] Randall Schulz Mountain View, CA USA -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with cygwin messages
On Sun, Oct 13, 2002 at 04:50:54PM -0700, Randall R Schulz wrote: Let me be clear that I'm not accusing you (or Gareth or Chris F.) of anything here. As others have pointed out, these worms are clever about coming up with addresses both for the apparent From: address and the next ply of intended victim recipients. I got a message with similar headers, fwiw. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with cygwin messages
Hello from Gregg C Levine Okay. I'll agree with you on that notion, Christopher. No real arguement there. Now as to about those messages? Are those actual messages? I'm inclined to think not. And I'll be permanently deleting them from my message store. I also reported the initial example to those cloddies at Earthlink, I'll be surprised if they know what to do. Gregg C Levine [EMAIL PROTECTED] Oh my! The Second Doctor's nearly favorite phrase. - Original Message - From: Christopher Faylor [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 3:15 PM Subject: Re: Viruses being transported with cygwin messages On Sun, Oct 13, 2002 at 03:04:21PM -0400, Gregg C Levine wrote: Folks, don't roar at me, but I am seeing a number of messages arrive here, Actually, I doubt that you are actually seeing them arrive here. You're probably receiving random messages from some infected machine which is putting a cygwin at cygwin dot com in the header but isn't really coming from cygwin dot com. If you can actually find a virus infected message in the archives, then please post a url here. Otherwise, you're most likely just experiencing the standard behavior of a virus which is sending out email from an infected machine. I did receive a few messages from someone in the earthlink domain and think I managed to figure out that person's identity. But they were sending individual email to individual people not to the cygwin mailing list, AFAICT. -- Please do not send me personal email with cygwin questions. Use the resources at http://cygwin.com/ . -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with Cygwin messages
Hello from Gregg C Levine Gladly, if I can find it. It's a message in ugly HTML format, and it arrived at my other address. Gregg C Levine [EMAIL PROTECTED] Oh my! The Second Doctor's nearly favorite phrase. - Original Message - From: Robert Collins [EMAIL PROTECTED] To: Gregg C Levine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 4:36 PM Subject: Re: Viruses being transported with Cygwin messages On Mon, 2002-10-14 at 05:04, Gregg C Levine wrote: Hello from Gregg C Levine Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Can you point me at the message with the virus? And the virus? I email from UNIX, so am *very* surprised at this. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with Cygwin messages
Hello from Gregg C Levine Can't help you more beyond what the good guys at Symantec said, Randall. As far as I am concerned, outside of one school, and the Feds, they are the experts. Gregg C Levine [EMAIL PROTECTED] Oh my! The Second Doctor's nearly favorite phrase. - Original Message - From: Randall R Schulz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 6:03 PM Subject: Re: Viruses being transported with Cygwin messages Hi, I might help to know this is the W32.Bugbear@mm worm. It has been spreading a lot lately. In today's batch I received 3 copies under different names (supposedly from Christopher Faylor, Gareth Pearce and Elfyn McBratney), each with different contents and different attachment names. Here's what Symantec has to say about this worm: http:[EMAIL PROTECTED] Randall Schulz Mountain View, CA USA At 14:25 2002-10-13, Michael A Chase wrote: On 14 Oct 2002 06:36:02 +1000 Robert Collins [EMAIL PROTECTED] wrote: On Mon, 2002-10-14 at 05:04, Gregg C Levine wrote: Folks, don't roar at me, but I am seeing a number of messages arrive here, infected. One came with a message via Robert Collins, twice, Can you point me at the message with the virus? And the virus? I email from UNIX, so am *very* surprised at this. Like spam, most common email viruses forge the 'from' address. I am seeing a few of these too, but, as Chris said, they aren't coming through the Cygwin server. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Viruses being transported with cygwin messages
On Sunday 13 October 2002 18:36, Gregg C Levine wrote: Hello from Gregg C Levine Okay. I'll agree with you on that notion, Christopher. No real arguement there. Now as to about those messages? Are those actual messages? I'm inclined to think not. And I'll be permanently deleting them from my message store. I also reported the initial example to those cloddies at Earthlink, I'll be surprised if they know what to do. Earthlink gave me immediate automatic acknowledgment that these were viruses originated by one of their customers. -- Tim Prince -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: Viruses being transported with cygwin messages
Norton Systemworks caught three viruses this morning. I deleted them after putting the in quarintine. Disappeared off my system. Windows XP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Prince Sent: Sunday, October 13, 2002 9:57 PM To: Gregg C Levine; [EMAIL PROTECTED] Subject: Re: Viruses being transported with cygwin messages On Sunday 13 October 2002 18:36, Gregg C Levine wrote: Hello from Gregg C Levine Okay. I'll agree with you on that notion, Christopher. No real arguement there. Now as to about those messages? Are those actual messages? I'm inclined to think not. And I'll be permanently deleting them from my message store. I also reported the initial example to those cloddies at Earthlink, I'll be surprised if they know what to do. Earthlink gave me immediate automatic acknowledgment that these were viruses originated by one of their customers. -- Tim Prince -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/