Sobig.{E,D,EML} not found by Sophos and McAfee
Quentin Campbell
Q.G.Campbell at NEWCASTLE.AC.UK
Tue Jul 1 10:39:57 IST 2003
> -----Original Message-----
> From: Martin Sapsed [mailto:m.sapsed at BANGOR.AC.UK]
> Sent: 01 July 2003 10:21
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Sobig.{E,D,EML} not found by Sophos and McAfee
>
>
> Hi Quentin,
>
> Quentin Campbell wrote:
> > However further monitoring of logs shows that it is Sophos now that is
> > not always recognising Sobig variants. I have instances where Sophos
> > has missed Sobig.E (in both .txt and .pif files), Sobig.EML (.txt
> > file) and Sobig.D (.pif file). In all these cases McAfee has found the
> > worms and I have not found a new instance of McAfee missing a virus.
>
> Assuming you quarantine these nasties, have you sent the ones
> Sophos has missed to them? If not, please would you??? They
> usually respond pretty quickly if they're missing stuff...
We don't use quarantining at this site. But your suggestion is noted. :-)
> By the way, what's Sobig.EML and ...
Good question. I cannot find this virus at the NAI site yet it is McAfee
that is recognising it! The notification I got says:
The following e-mail messages were found to have viruses in them:
Sender: auto.reply at compuserve.com
IP Address: 149.174.40.6
Recipient: xxx at newcastle.ac.uk
Subject: Undeliverable Message
MessageID: h611uKu05157
Report: /h611uKu05157/msg-32244-1482.txt Found the W32/Sobig.eml virus !!!
> ...what harm can it do in a .txt file?
That is not the point unless you are suggesting that is why Sophos does
not recognise it? The issue for me is why one A-V scanner finds it but
another doesn't.
Quentin