Sobig.{E,D,EML} not found by Sophos and McAfee

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Tue Jul 1 10:39:57 IST 2003

> -----Original Message-----
> From: Martin Sapsed [mailto:m.sapsed at BANGOR.AC.UK] 
> Sent: 01 July 2003 10:21
> Subject: Re: Sobig.{E,D,EML} not found by Sophos and McAfee
> Hi Quentin,
> Quentin Campbell wrote:
> > However further monitoring of logs shows that it is Sophos 
> now that is 
> > not always recognising Sobig variants. I have instances 
> where Sophos 
> > has missed Sobig.E (in both .txt and .pif files), Sobig.EML (.txt 
> > file) and Sobig.D (.pif file). In all these cases McAfee 
> has found the 
> > worms and I have not found a new instance of McAfee missing a virus.
> Assuming you quarantine these nasties, have you sent the ones 
> Sophos has missed to them? If not, please would you??? They 
> usually respond pretty quickly if they're missing stuff...

We don't use quarantining at this site. But your suggestion is noted.

> By the way, what's Sobig.EML and ...

Good question. I cannot find this virus at the NAI site yet it is McAfee
that is recognising it! The notification I got says:

The following e-mail messages were found to have viruses in them:

    Sender: auto.reply at
IP Address:
 Recipient: xxx at
   Subject: Undeliverable Message
 MessageID: h611uKu05157
    Report: /h611uKu05157/msg-32244-1482.txt        Found the
W32/Sobig.eml virus !!!

> ...what harm can it do in a .txt file?

That is not the point unless you are suggesting that is why Sophos does
not recognise it? The issue for me is why one A-V scanner finds it but
another doesn't.


More information about the MailScanner mailing list