<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 22, 2018 at 2:45 PM, Good Guy via Boost-users <span dir="ltr"><<a href="mailto:boost-users@lists.boost.org" target="_blank">boost-users@lists.boost.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 08/06/2018 22:33, Trung Tran via Boost-users wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From <a href="https://dl.bintray.com/boostorg/release/1.67.0/binaries/boost_1_67_0-msvc-14.1-64.exe" rel="noreferrer" target="_blank">https://dl.bintray.com/boostor<wbr>g/release/1.67.0/binaries/<wbr>boost_1_67_0-msvc-14.1-64.exe</a><br> I got windows defender warning on Trojan:Win32/Vigorf.A<br> Total virus report the same on the same file.<br> <a href="https://www.virustotal.com/#/file/402d07022fe9671e401efc4e90a1ff25e1bc9e1c23b3d8b1c65e4a2e6799abfc/detection" rel="noreferrer" target="_blank">https://www.virustotal.com/#/f<wbr>ile/402d07022fe9671e401efc4e90<wbr>a1ff25e1bc9e1c23b3d8b1c65e4a2e<wbr>6799abfc/detection</a><br> </blockquote> <br></div></div> The link is provided on Boost's official download page <<a href="https://www.boost.org/users/download/" rel="noreferrer" target="_blank">https://www.boost.org/users/d<wbr>ownload/</a>> so you have to take it on trust.</blockquote><div><br></div><div>Please don't take it on trust. If you get a warning for the binaries, check the hashes, then check the signature on the hashes! </div><div><br></div><div>Boost (esp the binaries) would be an ideal target for a malicious actor to hack and make changes to that then get built into everybody's code. However, this type of attack definitely wouldn't trigger virus scanners, so I'm not worried about these reports (and since others previously in the thread have verified the checksums match). </div></div><br></div><div class="gmail_extra">Tom</div></div>