Sobig.{E,D,EML} not found by Sophos and McAfee
Jim Levie
jim at ENTROPHY-FREE.NET
Tue Jul 1 18:09:25 IST 2003
On Tue, 2003-07-01 at 01:40, Quentin Campbell wrote:
> I reported yesterday that McAfee was not always recognising the Sobig.E
> worm in messages. That problem appeared to fix itself after I restarted
> MailScanner.
>
> However further monitoring of logs shows that it is Sophos now that is
> not always recognising Sobig variants. I have instances where Sophos has
> missed Sobig.E (in both .txt and .pif files), Sobig.EML (.txt file) and
> Sobig.D (.pif file). In all these cases McAfee has found the worms and I
> have not found a new instance of McAfee missing a virus.
>
I'm seeing something similar in that Sophos with the latest IDE's isn't
catching some variants of SoBig that arrived over the weekend and this
morning. McAfee is detecting them, so far. The virus isn't reaching my
users, at least currently, because they are all in a disguised zip file
and I have a filename rule that disallows '.zi'.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
The instructions said to use Windows 98 or better, so I installed RedHat
Jim Levie email:jim at entrophy-free.net
More information about the MailScanner
mailing list