Sobig not detected

Mike Kercher mike at CAMAROSS.NET
Wed Aug 20 22:22:40 IST 2003 

What version of Sophos are you running?

I'm catching them:

Subject: Re: Your application
 MessageID: h7KLC2708117
    Report: >>> Virus 'W32/Sobig-F' found in file document_9446.pif
            Shortcuts to MS-Dos programs are very dangerous in email
(document_9446.pif)



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of MailScanner Mailbox
Sent: Wednesday, August 20, 2003 2:28 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Sobig not detected


I can say without any problems that Sophos is missing 100% of the Sobig-F
virus's.

Rick Noble

On Wed, 20 Aug 2003, Julian Field wrote:

> At 18:54 20/08/2003, you wrote:
> >On Wed, 20 Aug 2003, MailScanner Mailbox wrote:
> >
> > > Hello Group
> > >
> > > I have looked through the archives and see a lot of talk about 
> > > Sobig-F, except what seems to be happening to us.
> > >
> > > We are also getting the "Found to be clean" header along with the 
> > > change we made "Message infected" (shown below).
> > >
> > > It appears as though we are also not detecting the Sobig-F virus 
> > > even though we have the updated ide from Sophos. We are however 
> > > catching most of the Sobig-F infected emails due to the unsafe 
> > > file attachments (scr, pif, etc)
> > >
> > > Is anybody else not detecting Sobig-f ?
> > > Currentley we are only running Sophos, and I can see that it is 
> > > catching other virus's.
> > >
> > > Thanks
> > >
> > > Rick Noble
> >
> >
> >"The lyfe so short, the craft so long to learne"  Chaucer
> >
> > >We run 3 scanners, Sophos, Fprot and Kaspersky.
> > >We concur that Sophos is not catching Sobig F 100% of the time but 
> > >fortunately if missed by Sophos it is always caught by both Fprot 
> > >and Kaspersky.
> >
> >Paul H
>
> If it's not 100%, any idea how many it is missing?
> Mine might be missing about 40 out of 3000 but I'm going to have to do 
> a lot more careful analysis to work out exactly what files it is 
> missing. If it's worth the half-hour or so it'll take to do, then I'll 
> do it. Otherwise I've got lots more better things to do (content 
> filtering).
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>

More information about the MailScanner mailing list