Viruses - Missed by mailscanner, caught by Sophos NSV

Ray Gardener R.A.Gardener at SHU.AC.UK
Tue Mar 12 08:58:46 GMT 2002

----- Original Message -----
From: "David Sullivan" <David.Sullivan at BARNET.AC.UK>
Sent: Monday, March 11, 2002 10:55 AM
Subject: Viruses - Missed by mailscanner, caught by Sophos NSV

> We've recently upgraded to the Sophos NSV (non standard version) on Netware and
> as an added feature it seems to be scanning and picking up viruses in mime
> attachments as Mercury delivers them since this version now can parse mime
> messages. Since we run mailscanner at our mail hub we certainly *shouldn't* see
> any infected messages from outside.
> The following message seems to be a spanner in the works however: (names
> changed to protect the innocent) ...


Which virus did Sophos NSV report and what version of Sophos are you running
on the hubs?

I had a quick look at the text of the message in Pine on Unix. Pine (usually
fairly good with mime) seems unable to recognise the section containing the
executable as a valid mime part. Did your MUA show this as a mime
To me this looks similar to the stuff produced by Sircam which tries to
generate mime attachments but not always in a compliant way.


Ray Gardener


