Sobig.E Getting Through Intermittently
Steve Campbell
steve at AVALON.DARTMOUTH.EDU
Fri Jun 27 14:37:38 IST 2003
> At 11:03 27/06/2003, you wrote:
> >On Thu, 26 Jun 2003 23:54:30 +0200, you wrote:
> >
> > >Hi!
> > >
> > >> deny ^your_details\.zip$ Possibly Sobig-E virus
> > >> deny ^application\.zip$ Possibly Sobig-E virus
> > >> deny ^document\.zip$ Possibly Sobig-E virus
> > >> deny ^screensaver\.zip$ Possibly Sobig-E virus
> > >> deny ^Movie\.zip$ Possibly Sobig-E virus
> > >> Sobig-E is known to use this filename to spread
> > >
> > >> Could someone who has seen the viruses that are getting through please
> > >> confirm the filenames are the ones you're seeing (they came from Sophos
> > >> site)
> > >
> > >I got these ones: your_details.zip
> >
> >I did get an application.zi file.
>
> That sounds like it is missing the double quotes character at the end of
> the filename, and people don't have all my MIME-tools patches applied. This
> happened with some other virus a while ago, losing the last character off
> the filename. People need to ensure that the MIME-tools are correctly
> installed. I know of some people who looked at the patches, said "I don't
> know what to do with these" and completely ignored them. Unsurprisingly
> they let viruses through.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
Julian,
Are you saying that applying those MIME-tools patches is sufficient to solve
the "Sobig.E Getting Through Intermittently" problem?
Steve Campbell
Dartmouth College
Hanover, NH, US
More information about the MailScanner
mailing list