Microsloth security update worm not being caught!

[Rose, Bobby]

But are you guys restricting exe's?  I saw the same thing but
Mailscanner stopped it only because it was an exe and that's in my
restricted attachment list.

-----Original Message-----
From: Julian Field [mailto:jkf at ECS.SOTON.AC.UK] 
Sent: Thursday, March 07, 2002 5:02 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Microsloth security update worm not being caught!


At 09:52 07/03/2002, you wrote:
>David Fry wrote:
>>Has anyone else noticed an issue with the W32.Gibe at mm worm NOT being 
>>caught by Sophos and Mailscanner??

I use Sophos myself and MailScanner is catching it:

>To: postmaster at ecs.soton.ac.uk
>Subject: Warning: E-mail viruses detected
>
>The following e-mail messages were found to have viruses in them:
>
>Sender: <****@****.com>
>Recipient: <*****@ecs.soton.ac.uk>, <***@ecs.soton.ac.uk>
>Subject: Internet Security Update
>MessageID: AAA17266
>Report: >>> Virus 'W32/Gibe-A' found in file ./AAA17266/q216309.exe
>--
>MailScanner
>Email Virus Scanner

(Hidden the names for obvious privacy reasons).


>>I just saw it pass through my mail gateway twice in the last few 
>>minutes with nary an alert.  My sophos ide's were updated as soon as 
>>the W32.Gibe definitions came out & yet it got through the scanner.  I

>>am rather shocked this happened.  The Sophos/Mailscanner combo has 
>>been superb up to this point ... we are in an evaluation process & I 
>>am looking for an explanation as to why it got through.
>
>A colleague forwarded a copy of Gibe to me and it was intercepted by 
>MailScanner/Sophos. I don't have any information on an original copy of

>Gibe though.

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ