Sobig.{E,D,EML} not found by Sophos and McAfee
Quentin Campbell
Q.G.Campbell at NEWCASTLE.AC.UK
Tue Jul 1 07:40:49 IST 2003
I reported yesterday that McAfee was not always recognising the Sobig.E
worm in messages. That problem appeared to fix itself after I restarted
MailScanner.
However, further monitoring of logs shows that it is Sophos now that is
not always recognising Sobig variants. I have instances where Sophos has
missed Sobig.E (in both .txt and .pif files), Sobig.EML (.txt file) and
Sobig.D (.pif file). In all these cases McAfee has found the worms and I
have not found a new instance of McAfee missing a virus.
What I cannot tell is whether there have been instances where _both_
scanners have missed a virus/worm at the same time. It is very worrying.
The times at which these exceptions have occurred are nowhere near the
hourly updates of the DAT/IDE files.
Any suggestions as to how I can more systematically investigate what is
going on?
Quentin
---
PHONE: +44 191 222 8209 Computing Service, University of Newcastle
FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."