Sophos missed MyDoom-A bounced msg

Dustin Baer dustin.baer at IHS.COM
Mon Feb 9 17:09:55 GMT 2004


Travis Taylor wrote:
>
> We are trying to figure out how an email slipped past MailScanner with
> Sophos.  Symantec quarantined the message on the server when the user
> checked her mail this morning.
>
> The message was a bounce from a site that does not permit executables.
>
> Here is the message recovered from the quarantine server:
>
> [snip]
>
> So far MailScanner has caught 1817 MyDoom-A virus, with the exception of
> 27 MyDoom infected messages that slipped through during the window
> when the virus was released in the wild and before Sophos updated the
> definitions, MailScanner and Sophos has caught everyone since until now.
> Anyone got some ideas on what to check or how to verify this got
> through?
>
> Is this something we need to sent to Sophos?
>
> Using RH 9, MailScanner v4.23-11, and Sophos v3.75
>
> ---
> Travis Taylor, EMail Administrator

Travis,

We have the same situation here.  Right now, I am trying to retreive the
Symantec quarantined documents, and will be sending them to Sophos.

I would suggest sending them yours, also.

Dustin
--
Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836



More information about the MailScanner mailing list