What's Going on here?
Jason Balicki
kodak at FRONTIERHOMEMORTGAGE.COM
Tue Sep 2 17:08:30 IST 2003
>If there is no
>attachment,
>can Sophos still detect it?
I don't believe so. There are two "issues" with Sobig-F. One issue is
when Sobig-F sends no attachment -- not a problem, it'll get past any
default checks (and will confuse the user) but no damage will be done.
Your MTA may allow you to reject mail based on subject and/or other
textual clues, and you may want to try that approach (not *just* subject
though. :)
The second is the damaged Sobig-F executable. It will not run, but may
get past a scanner. If the system in question is set up to not allow any
executables through you're fine. (Most likely your AV vendor has an updated
signature for the damaged Sobig-F by now though, so it should be getting
tagged and stripped at this point.)
--J(K)
More information about the MailScanner
mailing list