On Wed, 2022-01-19 at 10:39 -0600, John Lange wrote:
For what it's worth, I downloaded this file and scanned it with Windows Defender and it came back clean. I also uploaded it to a (free) third-party malware detection site which reported "No security vendors and no sandboxes flagged this file as malicious". So it appears it is just a normal phishing attack and not a malware attack. That being said, since it is so obviously a phish, there is no reason to actually open it, which puts you at risk of some zero-day attack.
I'm actually amazed the original post didn't get caught in spam filters.
If you're referring to the message Eduard sent to the list, it's not that surprising. These days spam filters mostly rely on sender reputation and authentication, and the message looking like what it claims to be structurally; analysis of the text content of the message is an unreliable indicator, though it can tip the scales when other red flags are present. Eduard's having forwarded the spammy message (and then the list doing likewise) destroyed both the original sender information and the original structure, so it looks like what it is: a legitimate user sending a legitimate message through a legitimate mailing list.
According to the header of what I received on my end, both MUUG's MTA and my own barely found it spammy. It seems they were only suspicious at all because there was no authentication information (SPF, DKIM, DMARC, ARC) attributable to Eduard's message.
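As an added illustration of the point above about authentication results (this is example code, not part of the thread or anything MUUG runs), here is a small Python checker that reads a message's Authentication-Results header, records which of SPF/DKIM/DMARC/ARC passed, and reports whether any authenticated domain is attributable to the From: domain. Both messages, the hostname mx.example.org and the addresses are constructed samples.

```python
import email
import re
from email import policy

# Constructed sample: a message delivered directly by its author. SPF and DKIM
# authenticate the same domain that appears in From:, so DMARC is aligned.
DIRECT_MSG = b"""From: Alice <alice@example.com>
To: list@example.org
Subject: hello
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=alice@example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com

Hi list.
"""

# Constructed sample: a forwarded copy sent by a list member whose own mail
# carries no authentication, so nothing in the results is attributable to them.
FORWARDED_MSG = b"""From: Eduard <eduard@example.net>
To: list@example.org
Subject: Fwd: hello
Authentication-Results: mx.example.org; spf=none; dkim=none; dmarc=none

-------- Forwarded Message --------
From: Alice <alice@example.com>
Hi list.
"""

MECH_RE = re.compile(r"\b(spf|dkim|dmarc|arc)=(\w+)")
DOMAIN_RE = re.compile(r"\b(?:smtp\.mailfrom|header\.d|header\.from)=([^\s;]+)")


def _domain_of(addr: str) -> str:
    """Lower-cased domain part of an address (or a bare domain)."""
    return addr.rsplit("@", 1)[-1].strip("<>").lower()


def auth_summary(raw: bytes) -> dict:
    """Summarise Authentication-Results against the From: domain.

    Only a mechanism that reports 'pass' together with a domain counts as
    having authenticated that domain; 'aligned' is True when one of those
    domains is the From: domain, i.e. the authentication is attributable
    to the visible sender rather than to some intermediary.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = _domain_of(msg["From"].addresses[0].addr_spec)
    results, authed = {}, set()
    for field in msg.get_all("Authentication-Results", []):
        for clause in str(field).split(";")[1:]:  # clause 0 is the authserv-id
            m = MECH_RE.search(clause)
            if not m:
                continue
            mech, result = m.groups()
            results[mech] = result
            d = DOMAIN_RE.search(clause)
            if result == "pass" and d:
                authed.add(_domain_of(d.group(1)))
    return {"from_domain": from_domain, "results": results,
            "authenticated_domains": sorted(authed),
            "aligned": from_domain in authed}
```

Run `auth_summary(DIRECT_MSG)` and `auth_summary(FORWARDED_MSG)` to compare a message whose authentication is attributable to its sender with one that carries none at all.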