mcafee & bugbear.b

Martin Sapsed m.sapsed at BANGOR.AC.UK
Fri Jun 6 14:13:54 IST 2003


Francesco Rotondo wrote:
>>We've been blocking Bugbear.B since yesterday although as usual Mcafee
>>appears to be slow in releasing their DATs.   However I've noticed that
>>every now and then mailscanner is blocking emails that have double
>>extension attachments which look suspiciously like Bugbear.b but it is
>>not picked up as Bugbear.B.  I've tried scanning the quarantined
>>attachment again with the latest DAT but again no virus is detected.  Is
>>this a different variant or is there a another problem.  Has anyone else
>>using mcafee noticed this?
>
> Even Sophos is not catching some viruses blocked because of the filename
> rules (thanks MS).
> It should be a variant of some old virus or maybe of the Bugbear itself as
> it is polymorphic.

I sent some items fitting this description to Sophos yesterday and this
morning an update detecting "damaged" copies of Bugbear-B was released.

Cheers,

Martin

--
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth



More information about the MailScanner mailing list