Sophos and Sobig

[Shane Kelly]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi
        FYI

        Setup: 3 equal precedence MX all running MS 4.22-5, SA 2.55 and SuSE 8.2 
(sendmail 8.12.7 patched) and Sophos 3.70 sweep, not SAVI.

        Sobig-f is being caught here as virus and as attachment. I have had no 
reports from any of the desktop machines of any virus being found (at this 
time!)

Regards,
        Shane.
	
Sample from email to Admin

- -----Cut-------------

Warning: E-mail viruses detected  (MailScanner,  Wed Aug 20 14:15:39 2003)

The following e-mail messages were found to have viruses in them:

    Sender: 
IP Address: 213.xxx.xxx.130
 Recipient: a.user at ayrcoll.ac.uk
   Subject: Failed mail: Banned or potentially offensive material
 MessageID: h7KDFXuO012449
    Report: Shortcuts to MS-Dos programs are very dangerous in email 
(document_all.pif)
            No programs allowed (document_all.pif)


    Sender: 
IP Address: 213.xxx.xxx.130
 Recipient: a.user at ayrcoll.ac.uk
   Subject: Re: Details
 MessageID: h7KDFXuM012449
    Report: >>> Virus 'W32/Sobig-F' found in file 
./h7KDFXuM012449/document_all.pif
            Shortcuts to MS-Dos programs are very dangerous in email 
(document_all.pif)
            No programs allowed (document_all.pif)


- -- 
Ayr College MailScanner
Email Virus Scanner

- -- 
This message has been scanned for viruses and
dangerous content by Ayr College MailScanner, and is
believed to be clean.


- --------Cut-----------
- -- 
Shane Kelly
Network Infrastructure Manager
01292 293577 (Direct line)

If the automobile had followed the same development as the computer a
Rolls Royce would today cost $100, get a million miles per gallon and
explode once a year killing everybody inside. - Robert Cringeley (InfoWorld)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/RK6A/thVM7mR0ZYRArbCAJ4mfIjXxp1RCRxrMcpBM4pU91Tq5QCgnvh8
cSL6rMkE9lgJuMF7DpXFlHw=
=fzm5
-----END PGP SIGNATURE-----