What's Going on here?

Mike Kercher mike at CAMAROSS.NET
Fri Aug 29 22:17:25 IST 2003


I always use Sophos.install.

I don't think Sophos caught it all as I don't run sweep by itself.  Just the
filename rule was hit.

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Friday, August 29, 2003 4:11 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: What's Going on here?


At 22:03 29/08/2003, you wrote:
>I've seen several emails come through that look like they got past 
>Sophos, but the filename alone caught it.  For the most part, Sophos 
>says the attachment is infected with Sobig.  Thoughts?

So Sophos within MailScanner didn't get them but Sophos outside it did? Did 
you use Sophos.install?


>Mike
>
>
>-----Original Message-----
>From: Antivirus at CamaroSS.net [mailto:AntiVirus at CamaroSS.net]
>Sent: Friday, August 29, 2003 3:31 PM
>To: mike at CamaroSS.net
>Subject: Warning: E-mail viruses detected
>
>
>The following e-mail messages were found to have viruses in them:
>
>     Sender:
>IP Address: 65.107.235.188
>  Recipient: user at domain.com
>    Subject: Undelivered Mail Returned to Sender
>  MessageID: h7TKUn909224
>     Report: Shortcuts to MS-Dos programs are very dangerous in email
>(your_details.pif)
>             No programs allowed (your_details.pif)
>
>Full headers are:
>
>  Return-Path: <g>
>  Received: from the-man.emailheads.net ([65.107.235.188])
>         by genesis.camaross.net (8.11.6/8.11.6) with ESMTP id h7TKUn909224
>         for <user at domain.com>; Fri, 29 Aug 2003 15:30:49 -0500
>  Received: from chico.emailheads.net (chico.emailheads.net
[65.107.235.186])
>         by the-man.emailheads.net (Postfix) with ESMTP id 9A4987789C
>         for <user at domain.com>; Fri, 29 Aug 2003 13:08:42 -0700 (PDT)
>  Received: by chico.emailheads.net (Postfix)
>         id 44D3F13B00; Fri, 29 Aug 2003 13:34:14 -0700 (PDT)
>  Date: Fri, 29 Aug 2003 13:34:14 -0700 (PDT)
>  From: MAILER-DAEMON at chico.emailheads.net (Mail Delivery System)
>  Subject: Undelivered Mail Returned to Sender
>  To: user at domain.com
>  MIME-Version: 1.0
>  Content-Type: multipart/report; report-type=delivery-status;
>         boundary="03AE513AF8.1062189254/chico.emailheads.net"
>  Message-Id: <20030829203414.44D3F13B00 at chico.emailheads.net>
>
>
>--
>MailScanner
>Email Virus Scanner
>www.mailscanner.info

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz MailScanner thanks
transtec Computers for their support




More information about the MailScanner mailing list