virus from 'support@microsoft.com' not blocked?
Remco Barendse
mailscanner at BARENDSE.TO
Tue May 27 21:54:34 IST 2003
Indeed, it is:
Found the W32/Sobig.b at MM virus !!!
For some reason the dat file hasn't been updating since the version of May
7th, but even so, the MailScanner rule didn't catch the attachment.
I just tried sending a test file ending with .pif, which was blocked
correctly.
Is there anything invalid in Sobig mails that causes MailScanner to not
recognize the attachment filename, maybe?
For some reason .pif is blocked correctly, but not when Sobig is sent??
On Tue, 27 May 2003, Craig Pratt wrote:
> On Tuesday, May 27, 2003, at 01:36 PM, Remco Barendse wrote:
> > I have just received the virus that claims to be from
> > support at microsoft.com
> >
> > The weird thing is, it isn't filtered at all.
> >
> [chomp]
>
> I presume this is the Sobig virus.
>
> RavAV's been catching it w/o issue:
>
> The following e-mail messages were found to have dangerous content:
>
> Sender: support at microsoft.com
> IP Address: 68.4.203.36
> Recipient: [chomp]
> Subject: Re: Movie
> MessageID: h4MJ12gC000237
> Report: ./h4MJ12gC000237/your_details.pif Infected: Win32/Sobig.B at mm
> Shortcuts to MS-Dos programs are very dangerous in email
> (your_details.pif)
>
> So it was caught based on content and extension.
>
> Craig
>
> ---
> Craig Pratt
> Strongbox Network Services Inc.
> mailto:craig at strong-box.net
>
>
> --
> This message checked for dangerous content by MailScanner on StrongBox.
>