Sobig.F disguising MailScanner headers :-)
Antony Stone
Antony at SOFT-SOLUTIONS.CO.UK
Mon Aug 25 23:26:32 IST 2003
On Monday 25 August 2003 11:16 pm, Mariano Absatz wrote:
> Hi,
>
> I don't know if this has been discussed before, cause I have a large
> backlog of mails in the list (many likely to be manually marked as "read")
> but... did anyone notice the following header in messages containing
> Sobig.f?
>
> X-MailScanner: Found to be clean
Yes, and if you see anyone advocating filtering out emails containing this
header as a way of blocking Sobig.F on mailing lists, newsgroups, websites
etc, please educate them that this is *not* a good thing to do, as they will
be blocking an ever-increasing quantity of legitimate mail by doing so.
Okay, this is proof that MailScanner has come to the attention of the virus
writers, however as Julian put it the other day, this just goes to show that
"there's no such thing as bad publicity" is untrue :(
Good luck with the backlog...
Regards,
Antony.
--
If you think you see a Heffalump in a trap,
make sure it isn't really a Bear with an empty honey jar stuck on his head.
More information about the MailScanner
mailing list