Sobig.E Getting Through Intermittently

Julian Field mailscanner at ecs.soton.ac.uk
Fri Jun 27 12:09:47 IST 2003


At 11:03 27/06/2003, you wrote:
>On Thu, 26 Jun 2003 23:54:30 +0200, you wrote:
>
> >Hi!
> >
> >> deny    ^your_details\.zip$     Possibly Sobig-E virus
> >> deny    ^application\.zip$      Possibly Sobig-E virus
> >> deny    ^document\.zip$         Possibly Sobig-E virus
> >> deny    ^screensaver\.zip$      Possibly Sobig-E virus
> >> deny    ^Movie\.zip$            Possibly Sobig-E virus
> >>                         Sobig-E is known to use this filename to spread
> >
> >> Could someone who has seen the viruses that are getting through please
> >> confirm the filenames are the ones you're seeing (they came from Sophos
> >> site)
> >
> >I got these ones: your_details.zip
>
>I did get an application.zi file.

That sounds like it is missing the double quotes character at the end of
the filename, and people don't have all my MIME-tools patches applied. This
happened with some other virus a while ago, losing the last character off
the filename. People need to ensure that the MIME-tools are correctly
installed. I know of some people who looked at the patches, said "I don't
know what to do with these" and completely ignored them. Unsurprisingly
they let viruses through.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list