Viruses - Missed by mailscanner, caught by Sophos NSV

David Sullivan David.Sullivan at BARNET.AC.UK
Mon Mar 11 10:55:19 GMT 2002


We've recently upgraded to the Sophos NSV (non standard version) on Netware and
as an added feature it seems to be scanning and picking up viruses in mime
attachments as Mercury delivers them since this version now can parse mime
messages. Since we run mailscanner at our mail hub we certainly *shouldn't* see
any infected messages from outside.

The following message seems to be a spanner in the works however: (names
changed to protect the innocent) ...
        http://www.barnet.ac.uk/~sully/missed.txt

This message has passed through the server running mailscanner (delta) and has
even been marked "Found to be clean" by mailscanner itself when at the very
least it should have been rejected since we are blocking all "exe" type
attachments.

I can't see anything obviously wrong with the message itself other than the
fact there seems to be an odd character in the message subject line "of
FormInsert Heading Here Type"; perhaps this is upsetting the MIME parser?
We're running version MailScanner-3.11-1 and version 5.411 of the MIME::Tools
perl module.

I've a sneaking suspicion that upgrading to the NSV version of Sophos for Linux
would have caught this but it's a little concerning that new "hot off the
press" viruses that don't have an ide file yet but are propagated as an exe file
in e-mail might be missed.

Any thoughts?

--
David Sullivan        IT Services, Barnet College, London
                            David.Sullivan at barnet.ac.uk
                            020 8275 5036
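
The fail-closed behaviour the post expects from a filename block, as an added example that is not part of the original message and is not MailScanner's code. Python's standard `email` parser stands in for MIME::Tools; the block list, the function names and the sample messages (including the mismatched boundary used to upset the parser) are assumptions constructed for illustration.

```python
import email
import re
from email import policy

BLOCKED_EXT = (".exe", ".com", ".scr", ".pif", ".bat")  # assumed block list

# Fallback: every name=/filename= parameter in the raw bytes, so a part the
# MIME parser failed to surface still has its filename checked.
RAW_NAME = re.compile(rb'(?:file)?name\*?\s*=\s*"?([^";\r\n]+)', re.I)

def blocked(name):
    return name.strip().lower().rstrip(". ").endswith(BLOCKED_EXT)

def verdict(raw):
    """Return (action, reasons); action is 'deliver' or 'quarantine'."""
    reasons = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    parsed_names = set()
    for part in msg.walk():
        # Any structural defect means the part list cannot be trusted.
        for d in part.defects:
            reasons.append("parser defect: " + type(d).__name__)
        name = part.get_filename()
        if name:
            parsed_names.add(name)
            if blocked(name):
                reasons.append("blocked attachment: " + name)
    raw_names = {m.group(1).decode("latin-1") for m in RAW_NAME.finditer(raw)}
    for name in sorted(raw_names - parsed_names):
        if blocked(name):
            reasons.append("blocked name seen only in raw text: " + name)
    return ("quarantine" if reasons else "deliver"), reasons

def sample(filename, declared="b1", used="b1"):
    """Constructed message: one text part plus one named attachment."""
    return (
        f'From: a@example.org\r\nSubject: test\r\nMIME-Version: 1.0\r\n'
        f'Content-Type: multipart/mixed; boundary="{declared}"\r\n\r\n'
        f'--{used}\r\nContent-Type: text/plain\r\n\r\nhello\r\n'
        f'--{used}\r\nContent-Type: application/octet-stream; name="{filename}"\r\n'
        f'Content-Disposition: attachment; filename="{filename}"\r\n'
        f'Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--{used}--\r\n'
    ).encode("ascii")

if __name__ == "__main__":
    for label, raw in [("clean", sample("notes.txt")), ("exe", sample("setup.exe")),
                       ("broken MIME", sample("setup.exe", used="b2"))]:
        print(label, verdict(raw))
```

A message never earns a "clean" verdict here unless the parser reported no defects and neither the parsed parts nor the raw text carry a blocked name.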
