What's Going on here?
Stephen Lee
splee at PLEXIO.COM
Tue Sep 2 16:55:50 IST 2003
On Tue, 2003-09-02 at 06:24, Jason Balicki wrote:
> >I've seen a few instances like this and having quarantined them, I sent
> >them to Sophos. They were all broken copies. I've also sometimes seen
> >Sobig-like attachments which were in fact empty. There were quite a lot
> >like this with Bugbear which caused them to issue the Bugbear-Dam ide.
>
> Indeed, they have sent me a sbf-dam.ide that doesn't appear to have
> been publicly released (yet). If anyone is interested, you can email me
> and I'll send it along. Also, I'm sure Sophos would be happy to send
> it to anyone who asks.
At the height of the Sobig.F storm one of my mail servers
(MS/Sophos/Exim) let through 3000+ copies of what appeared to be
Sobig.F-like messages without any attachment. If there is no attachment,
can Sophos still detect it? I guess there must be some other virus-like
signature within the message.
Stephen
More information about the MailScanner
mailing list