Microsloth security update worm not being caught!
Julian Field
jkf at ecs.soton.ac.uk
Thu Mar 7 10:01:32 GMT 2002
At 09:52 07/03/2002, you wrote:
>David Fry wrote:
>>Has anyone else noticed an issue with the W32.Gibe at mm worm NOT being caught
>>by Sophos and Mailscanner??
I use Sophos myself and MailScanner is catching it:
>To: postmaster at ecs.soton.ac.uk
>Subject: Warning: E-mail viruses detected
>
>The following e-mail messages were found to have viruses in them:
>
>Sender: <****@****.com>
>Recipient: <*****@ecs.soton.ac.uk>, <***@ecs.soton.ac.uk>
>Subject: Internet Security Update
>MessageID: AAA17266
>Report: >>> Virus 'W32/Gibe-A' found in file ./AAA17266/q216309.exe
>--
>MailScanner
>Email Virus Scanner
(Hidden the names for obvious privacy reasons).
>>I just saw it pass through my mail gateway twice in the last few minutes
>>with nary an alert. My sophos ide's were updated as soon as the W32.Gibe
>>definitions came out & yet it got through the scanner. I am rather shocked
>>this happened. The Sophos/Mailscanner combo has been superb up to this
>>point ... we are in an evaluation process & I am looking for an explanation
>>as to why it got through.
>
>A colleague forwarded a copy of Gibe to me and it was intercepted by
>MailScanner/Sophos. I don't have any information on an original copy of
>Gibe though.
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list