Sobig not detected

Julian Field mailscanner at ecs.soton.ac.uk
Wed Aug 20 19:30:57 IST 2003


At 18:54 20/08/2003, you wrote:
>On Wed, 20 Aug 2003, MailScanner Mailbox wrote:
>
> > Hello Group
> >
> > I have looked through the archives and see a lot of talk about Sobig-F,
> > except what seems to be happening to us.
> >
> > We are also getting the "Found to be clean" header along with the change
> > we made "Message infected" (shown below).
> >
> > It appears as though we are also not detecting the Sobig-F virus even
> > though we have the updated ide from Sophos. We are however catching most
> > of the Sobig-F infected emails due to the unsafe file attachments (scr,
> > pif, etc)
> >
> > Is anybody else not detecting Sobig-f ?
> > Currentley we are only running Sophos, and I can see that it is catching
> > other virus's.
> >
> > Thanks
> >
> > Rick Noble
>
>I just scanned my quarantine directory and ClamAV and F-Prot are both
>finding the Sobig.F virus.  Trend wasn't until I updated its virus files
>that were released yesterday.  Now it is finding Sobig.F too.
>
>I don't use Sophos.
>
>Gerry
>
>"The lyfe so short, the craft so long to learne"  Chaucer
>
> >We run 3 scanners, Sophos, Fprot and Kaspersky.
> >We concur that Sophos is not catching Sobig F 100% of the time
> >but fortunately if missed by Sophos it is always caught by both
> >Fprot and Kaspersky.
>
>Paul H

If it's not 100%, any idea how many it is missing?
Mine might be missing about 40 out of 3000 but I'm going to have to do a
lot more careful analysis to work out exactly what files it is missing. If
it's worth the half-hour or so it'll take to do, then I'll do it. Otherwise
I've got lots more better things to do (content filtering).
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list