On Fri, Jun 22, 2018 at 2:45 PM, Good Guy via Boost-users <boost-users@lists.boost.org> wrote:

On 08/06/2018 22:33, Trung Tran via Boost-users wrote:

From https://dl.bintray.com/boostorg/release/1.67.0/binaries/boost_1_67_0-msvc-14.1-64.exe
I got windows defender warning on Trojan:Win32/Vigorf.A
Total virus report the same on the same file.
https://www.virustotal.com/#/file/402d07022fe9671e401efc4e90a1ff25e1bc9e1c23b3d8b1c65e4a2e6799abfc/detection

The link is provided on Boost's official download page <https://www.boost.org/users/download/> so you have to take it on trust.

Please don't take it on trust. If you get a warning for the binaries, check the hashes, then check the signature on the hashes!

Boost (esp the binaries) would be an ideal target for a malicious actor to hack and make changes to that then get built into everybody's code. However, this type of attack definitely wouldn't trigger virus scanners, so I'm not worried about these reports (and since others previously in the thread have verified the checksums match).

Tom