Sobig.{E,D,EML} not found by Sophos and McAfee

Jim Levie jim at ENTROPHY-FREE.NET
Tue Jul 1 18:09:25 IST 2003

On Tue, 2003-07-01 at 01:40, Quentin Campbell wrote:
> I reported yesterday that McAfee was not always recognising the Sobig.E
> worm in messages. That problem appeared to fix itself after I restarted
> MailScanner.
> However further monitoring of logs shows that it is Sophos now that is
> not always recognising Sobig variants. I have instances where Sophos has
> missed Sobig.E (in both .txt and .pif files), Sobig.EML (.txt file) and
> Sobig.D (.pif file). In all these cases McAfee has found the worms and I
> have not found a new instance of McAfee missing a virus.
I'm seeing something similar in that Sophos with the latest IDE's isn't
catching some variants of SoBig that arrived over the weekend and this
morning. McAfee is detecting them, so far. The virus isn't reaching my
users, at least currently, because they are all in a disguised zip file
and I have a filename rule that disallows '.zi'.
The instructions said to use Windows 98 or better, so I installed RedHat
   Jim Levie                                 email:jim at

More information about the MailScanner mailing list