According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus. Would someone confirm or deny this? Warning: DO NOT OPEN THE .DOC! Discalimer: Nothing personal against Debian https://lists.debian.org/debian-consultants/2016/01/msg00000.html links to: https://lists.debian.org/debian-consultants/2016/01/docyrW4BlUhzH.doc Submitting the last .doc URL at: https://www.virustotal.com and then going to: Go to downloaded file analysis gives: https://www.virustotal.com/en/file/c7210dc26e00a0d9f9bf8fb3b4850d52b62bb5836... SHA256: c7210dc26e00a0d9f9bf8fb3b4850d52b62bb5836a7fa34bb669fc1b1553005e File name: docyrW4BlUhzH.doc Detection ratio: 17 / 54 the first few results are: AVG W97M/Downloader 20160303 AVware Trojan-Downloader.O97M.Adnel.n (v) 20160303 AegisLab W97M.Gen!c 20160303 Arcabit HEUR.VBA.Trojan.e 20160303 Avast VBA:Downloader-ABC [Trj] 20160303 ESET-NOD32 VBA/TrojanDownloader.Agent.AOM 20160303 and some report it as clean. The .doc is downloadable with the same checksum.