Virus detection

Julian Field mailscanner at ecs.soton.ac.uk
Tue Dec 10 18:24:57 GMT 2002


At 17:41 10/12/2002, you wrote:
>We are (temporarily) running MailSweeper behind MailScanner. I don't
>know if anyone else has ever done this but it seemed a useful test to
>do when we had the chance? Both are running Sophos (this month's CD and
>hourly IDE updates).
>
>Clearly, we expect that MailSweeper should not detect any viruses at all
>in this situation. Guess what!! It found a couple of Klez-H which
>MailScanner missed. I am told that Klez-H has been in Sophos
>since March so it is not an update problem.

Klez generates some badly-formed MIME messages which cannot actually be
used by any mail client. MailScanner does not alert on these (harmless)
messages. MailSweeper may parse them. I have yet to hear any reports of
proved real infections getting through, and that's in many many billions of
messages.

I'm sure someone on the list will correct me if they have found any proved
real infections of Klez that have got through Sophos/MailScanner. If you do
have one, please send it to me so that I can work out what happened and
stop it happening again.

Make sure you have all the security patches to MIME-tools as well.

Please can you send me a zipped copy of the problem messages and I will
take a look.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
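
Added illustration, not part of the original message and not MailScanner or MIME-tools code: two scanners can disagree on a badly-formed MIME message because each parser decides for itself what to do with the broken structure. The sketch below uses Python's standard `email` parser to surface such structural defects so a gateway can give them an explicit verdict. The sample messages are constructed (no Klez content) and the `triage` verdict names are hypothetical.

```python
import email
from email import policy

HEADERS = (
    "From: sender@example.org\n"
    "To: rcpt@example.org\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n'
    "\n"
)
PART = "--BOUND\nContent-Type: text/plain\n\nhello\n"

# Constructed samples: only the structural faults, no real malware content.
SAMPLES = {
    "well_formed": HEADERS + PART + "--BOUND--\n",
    "no_close_boundary": HEADERS + PART,
    "no_start_boundary": HEADERS + "hello, the declared boundary never appears\n",
}


def mime_defects(raw):
    """Return the sorted names of parser defects found on any MIME part."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = set()
    for part in msg.walk():
        # The parser records structural problems instead of raising.
        found.update(type(d).__name__ for d in part.defects)
    return sorted(found)


def triage(raw):
    """Hypothetical gateway policy: any defect becomes an explicit verdict."""
    return "hold-malformed" if mime_defects(raw) else "pass-to-scanner"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} {triage(raw):16} {mime_defects(raw)}")
```

Logging the defect names alongside the verdict makes it possible to compare what an upstream and a downstream scanner each saw in the same message.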

