The Web Filter in my organization has been sending these alerts all morning:
"This email is from the Barracuda Web Filter. We have detected and blocked the download of: VIRUS Win.Trojan.Bancos-2115
from the server:www.google.com
In each instance the file is always the same, but the mirror may change. The other two variants include:
These domains all are registered to Google, and the file appears to be digitally signed by Google as well. I believe this to be a false positive.