What's Going on here?
Martin Sapsed
m.sapsed at BANGOR.AC.UK
Tue Sep 2 18:42:34 IST 2003
Stephen Lee wrote:
> At the height of the Sobig.F storm one of my mail servers
> (MS/Sophos/Exim) let through 3000+ copies of what appeared to be
> Sobig.F-like messages without any attachment. If there is no attachment,
> can Sophos still detect it? I guess there must be some other virus-like
> signature within the message.
No. Sophos will only detect Sobig-F if it's given a non-damaged
executable attachment to look at.
If you want to block Sobig messages which don't have the proper
attachments then you need to look at sendmail/exim rules (as in the
archive) or spamassassin rules.
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth