Viruses - Missed by mailscanner, caught by Sophos NSV

Ray Gardener R.A.Gardener at SHU.AC.UK
Tue Mar 12 16:22:18 GMT 2002


On Tue, 12 Mar 2002, David Sullivan wrote:

<snip...>
> > > The following message seems to be a spanner in the works however: (names
> > > changed to protect the innocent) ...
> > >         http://www.barnet.ac.uk/~sully/missed.txt
> >
> > David,
> >
> > Which virus did Sophos NSV report and what version of Sophos are you running
> > on the hubs?
>
> Real-time: >>>  Virus 'W32/Magistr-A' found in file
> STAFF:/*****/PMAIL/Y08850/SULFNBK.EXE
> Reported by 3.55NSV on Netware, we're still running 3.54 on Linux on the
> mailhub, I will be upgrading soon once I've fixed up MailScanner to be happy
> with the nsv version as covered previously

After more investigation I can see that our second-layer virus scanning at
the Exchange level is also picking up instances of viruses that should be
screened out by MailScanner. Most of the instances involve the virus
Magistr-A.

David, you are right in believing the new enhanced version 3.55NSV detects
and disinfects this ;-). However, there is still a problem for those people
who aren't using Sophos :-(

> If sweep can do its own parsing and potentially pick up things that
> MailScanner's mime parser doesn't it might be the case of going down the same
> road as TNEF and use sweep in preference to parsing MIME ourselves.

I agree partly; however, I would prefer to leave in the MailScanner
parsing as I think MailScanner needs it to filter for prohibited
filenames and filetypes and it can work in addition to Sophos 3.55NSV parsing.

>
> --
> David Sullivan        IT Services, Barnet College, London
>                             David.Sullivan at barnet.ac.uk
>                             020 8275 5036


