mimail slipping through
Leland J. Steinke
steinkel at PA.NET
Mon Aug 4 17:32:03 IST 2003
Raymond Dijkxhoorn wrote:
>
> F-Prot is not catching this! I have a open ticket but they didnt respond
> at all. For me its time to switch to another virus product, i really cant
> live with the fact they take 4 days to fix something like this. Even
> ClamAV outperforms them with virus updates.
>
> My suggestion, scan with Clam also for some time, use two scanners...
>
This is what we are doing. Since f-prot has been caught doing what might be
worse than nothing, that is, doing it half-assed^h^h^h^h^hway.
It is very strange. The Mimail.A message I intercepted, via a message bounce,
and dissected was a ZIP of a message.html file which had MIME-like headers in
front that told the mail client to execute the following binary data. When I
removed the headers, f-prot identified the binary code as W32/Mimail.A at mm.
Leland
More information about the MailScanner
mailing list