Viruses - Missed by mailscanner, caught by Sophos NSV
Ray Gardener
R.A.Gardener at SHU.AC.UK
Tue Mar 12 08:58:46 GMT 2002
----- Original Message -----
From: "David Sullivan" <David.Sullivan at BARNET.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Monday, March 11, 2002 10:55 AM
Subject: Viruses - Missed by mailscanner, caught by Sophos NSV
> We've recently upgraded to the Sophos NSV (non standard version) on
Netware and
> as an added feature it seems to be scanning and picking up viruses in mime
> attachments as Mercury delivers them since this version now can parse mime
> messages. Since we run mailscanner at our mail hub we certainly
*shouldn't* see
> any infected messages from outside.
>
> The following message seems to be a spanner in the works however: (names
> changed to protect the innocent) ...
> http://www.barnet.ac.uk/~sully/missed.txt
David,
which virus did Sophos NSV report and what version of Sophos are you running
on the hubs?
I had a quick look at the text of the message in Pine on Unix. Pine (usually
fairly good with mime) seems unable to recognise the section containing the
executable as a valid mime part. Did your MUA show this as a mime
attachment?
To me this looks similar to the stuff produced by sircam which tries to
generate mine attachments but not always in a compliant way.
Regards,
Ray Gardener
>
More information about the MailScanner
mailing list