MailScanner + Sophos: a serious bug?

Jim Levie jim at ENTROPHY-FREE.NET
Wed Jul 2 15:12:26 IST 2003


On Wed, 2003-07-02 at 03:58, Quentin Campbell wrote:
> Re. my earlier messages about Sophos sometimes missing Sobig variants in
> messages.
>
> I switched on quarantining of virus containing messages and believe I
> can now see what is going on. In fact the problem is not just limited to
> Sobig (the most common infection at present) but to Yaha.G as well and
> most probably all other viruses.
>
> It seems that Sophos will not recognise viruses, including at least
> Yaha.G and all variants of Sobig, when the message being scanned is a
> bounce/error return message which contains the whole of the original
> message, including the zipped attachment with the virus/worm in it.
>
> At this site McAfee but not Sophos recognises the virus in such a
> message.
>
Have you tried scanning the zip file or its contents with Sophos? I'm
finding that Sophos, with the latest IDE's, isn't detecting the virus
when scanning the zip file or the pif file that contains Sobig.
--
The instructions said to use Windows 98 or better, so I installed
RedHat.



More information about the MailScanner mailing list