Sophos issues

Julian Field mailscanner at ecs.soton.ac.uk
Thu Jan 23 14:28:01 GMT 2003 

I have heard of other similar problems with RAR archives and Sophos in the 
last few days. Supposedly Sophos tech support are working on them.

If you do a standard ("Sophos"'s standard) installation of their virus 
scanner, and use sweep to scan the RAR file, and it still produces the 
errors (which I believe it will), then you should log a fault call with 
Sophos tech support so that they work faster on fixing this problem.

At 13:48 23/01/2003, you wrote:
>Hello,
>
>Yesterday I added Sophos to McAfee as my virus scanners in MS.  I then
>noticed the following messages in my logs:
>Jan 22 12:21:20 smtp2 MailScanner[10906]: Could not check 
>./h0MHL9O22471/StAR2001_2002Fleury et alH.rar/StAR2001_2002Fleury et 
>alH.doc (format not supported)
>Jan 22 12:21:20 smtp2 MailScanner[10906]: Could not check 
>./h0MHL9O22471/StAR2001_2002Fleury et alH.rar (corrupt)
>Jan 22 12:21:20 smtp2 MailScanner[10906]: Virus Scanning: sophos found 2 
>infections
>Jan 22 12:21:20 smtp2 MailScanner[10906]: Virus Scanning: Found 2 viruses
>Jan 22 12:21:20 smtp2 MailScanner[10906]: Saved infected 
>"StAR2001_2002Fleury et alH.rar (corrupt)" to 
>/quarantaine/usherbrooke/20030122/h0MHL9O22471
>Jan 22 12:21:20 smtp2 MailScanner[10906]: Saved infected 
>"StAR2001_2002Fleury et alH.rar" to 
>/quarantaine/usherbrooke/20030122/h0MHL9O22471
>Jan 22 12:58:33 smtp2 MailScanner[10824]: Could not check 
>./h0MHwPO31882/Calendrier2003.pps (corrupt)
>Jan 22 12:58:33 smtp2 MailScanner[10824]: Could not check 
>./h0MHwPO31882/Calendrier2003.pps (corrupt)
>Jan 22 12:58:34 smtp2 MailScanner[10824]: Virus Scanning: sophos found 1 
>infections
>Jan 22 12:58:34 smtp2 MailScanner[10824]: Virus Scanning: Found 1 viruses
>Jan 22 12:58:34 smtp2 MailScanner[10824]: Saved infected 
>"Calendrier2003.pps (corrupt)" to /quarantaine/hermes/20030122/h0MHwPO31882
>Jan 22 16:26:55 smtp2 MailScanner[22132]: Could not check 
>./h0MLQmO04098/winmail.dat (corrupt)
>Jan 22 16:26:55 smtp2 MailScanner[22132]: Virus Re-scanning: sophos found 
>1 
>infections 
>Jan 22 16:26:55 smtp2 MailScanner[22132]: Disinfection: Rescan found only 
>1 viruses
>
>I checked my old logs and these messages had never appeared before I
>added Sophos so I'm pretty sure it is the culprit.  McAfee didn't
>complain about those files.
>
>I'm running version 4.11-1 on RH 7.3 with the external winmail.dat
>extractor.
>
>The problem is annoying because the attachments were not transmitted to
>the users and even though MS informed them that they were quarantined in
>directory X, they are not there except for the RAR file. For the others,
>the directory is empty.
>
>Until this issue is resolved I deactivated Sophos.  Anyhow the Sophos
>quote I received was based on the number of users my mail gateways
>protect and was way too expensive for us.
>
>Thanks again!
>
>Denis
>--
>Denis Beauchemin, analyste
>Université de Sherbrooke, S.T.I.
>T: 819.821.8000x2252 F: 819.821.8045

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list