mcafee & bugbear.b
Martin Sapsed
m.sapsed at BANGOR.AC.UK
Fri Jun 6 14:13:54 IST 2003
Francesco Rotondo wrote:
>>We've been blocking Bugbear.B since yesterday although as usual Mcafee
>>appears to be slow in releasing their DATs. However I've noticed that
>>every now and then mailscanner is blocking emails that have double
>>extension attachments which look suspiciously like Bugbear.b but it is
>>not picked up as Bugbear.B. I've tried scanning the quarantined
>>attachment again with the latest DAT but again no virus is detected. Is
>>this a different variant or is there a another problem. Has anyone else
>>using mcafee noticed this?
>
> Even Sophos is not catching some viruses blocked because of the filename
> rules (thanks MS).
> It should be a variant of some old virus or maybe of the Bugbear itself as
> it is polymorphic.
I sent some items fitting this description to Sophos yesterday and this
morning an update detecting "damaged" copies of Bugbear-B was released.
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
More information about the MailScanner
mailing list