Sobig.E Getting Through Intermittently

[Jeff Falgout]

>>> nathan at TCPNETWORKS.NET 6/27/2003 9:50:55 AM >>>
At 12:42 27/06/2003, you wrote:
>Hello all...
>
> > mailscanner at ECS.SOTON.AC.UK 27/06/03 12:09:47 >>>
> >That sounds like it is missing the double quotes character at the end
of
> >the filename, and people don't have all my MIME-tools patches
applied.
>
>I've seen a few 'zi' files, as in:
>http://www2.lshtm.ac.uk/virus.php?backdays=1 
>
>When you say the above, Julian, I'm assuming that doing an RPM install
and
>therefore ending up with MIME-tools that way *includes* these patches?

Yes.


Hmmm....

I've never done anything but the RPM install, but I'm still seeing the
'zi' type files. I just assumed that MailScanner installed the patches
as part of the install.sh RPM install process. One note: f-prot's
updated definitions did fix the problem on this end so I'm not convinced
missing patches were really the cause.

>>>>>>>>>>>>>>>>>>>>>>

Me Too. . .

I've also only done the RPM installs * and didn't see any error messages during
the install.

What's intersting is that my install ofSophos is now catching the "captured" files 
I was testing with on Wednesday and early Thursday, well after they said they 
the signatures were in the updates. I'm still using their "evaluation" download
(waiting on the P.O. to go through) but the sales person reassured that the 
version I have should be catching everything. Does anyone know if the 
IDE's freely available are the same one's available via the subscription?

My point * I agree that adding the capability of blocking attachements within
an archive file is a good thing.


Jeff