Sobig.E Getting Through Intermittently

Julian Field mailscanner at ecs.soton.ac.uk
Fri Jun 27 15:00:45 IST 2003


At 14:37 27/06/2003, you wrote:
> > At 11:03 27/06/2003, you wrote:
> > >On Thu, 26 Jun 2003 23:54:30 +0200, you wrote:
> > >
> > > >Hi!
> > > >
> > > >> deny    ^your_details\.zip$     Possibly Sobig-E virus
> > > >> deny    ^application\.zip$      Possibly Sobig-E virus
> > > >> deny    ^document\.zip$         Possibly Sobig-E virus
> > > >> deny    ^screensaver\.zip$      Possibly Sobig-E virus
> > > >> deny    ^Movie\.zip$            Possibly Sobig-E virus
> > > >>                         Sobig-E is known to use this filename to
> spread
> > > >
> > > >> Could someone who has seen the viruses that are getting through please
> > > >> confirm the filenames are the ones you're seeing (they came from
> Sophos
> > > >> site)
> > > >
> > > >I got these ones: your_details.zip
> > >
> > >I did get an application.zi file.
> >
> > That sounds like it is missing the double quotes character at the end of
> > the filename, and people don't have all my MIME-tools patches applied. This
> > happened with some other virus a while ago, losing the last character off
> > the filename. People need to ensure that the MIME-tools are correctly
> > installed. I know of some people who looked at the patches, said "I don't
> > know what to do with these" and completely ignored them. Unsurprisingly
> > they let viruses through.
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
>
>Julian,
>
>Are you saying that applying those MIME-tools patches is sufficient to solve
>the "Sobig.E Getting Through Intermittently" problem?

No, but I think it may help.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list