Microsloth security update worm not being caught!

Julian Field jkf at ecs.soton.ac.uk
Thu Mar 7 10:01:32 GMT 2002

At 09:52 07/03/2002, you wrote:
>David Fry wrote:
>>Has anyone else noticed an issue with the W32.Gibe at mm worm NOT being caught
>>by Sophos and Mailscanner??

I use Sophos myself and MailScanner is catching it:

>To: postmaster at ecs.soton.ac.uk
>Subject: Warning: E-mail viruses detected
>The following e-mail messages were found to have viruses in them:
>Sender: <****@****.com>
>Recipient: <*****@ecs.soton.ac.uk>, <***@ecs.soton.ac.uk>
>Subject: Internet Security Update
>MessageID: AAA17266
>Report: >>> Virus 'W32/Gibe-A' found in file ./AAA17266/q216309.exe
>Email Virus Scanner

(Hidden the names for obvious privacy reasons).

>>I just saw it pass through my mail gateway twice in the last few minutes
>>with nary an alert.  My sophos ide's were updated as soon as the W32.Gibe
>>definitions came out & yet it got through the scanner.  I am rather shocked
>>this happened.  The Sophos/Mailscanner combo has been superb up to this
>>point ... we are in an evaluation process & I am looking for an explanation
>>as to why it got through.
>A colleague forwarded a copy of Gibe to me and it was intercepted by
>MailScanner/Sophos. I don't have any information on an original copy of
>Gibe though.

Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list