Sophos missed MyDoom-A bounced msg
dustin.baer at IHS.COM
Mon Feb 9 17:09:55 GMT 2004
Travis Taylor wrote:
> We are trying to figure out how an email slipped past MailScanner with
> Sophos. Symantec quarantined the message on the server when the user
> checked her mail this morning.
> The message was a bounce from a site that does not permit executables.
> Here is the message recovered from the quarantine server:
> So far MailScanner has caught 1817 MyDoom-A virus, with the exception of
> 27 MyDoom infected messages that slipped through during the window
> when the virus was released in the wild and before Sophos updated the
> definitions, MailScanner and Sophos has caught everyone since until now.
> Anyone got some ideas on what to check or how to verify this got
> Is this something we need to sent to Sophos?
> Using RH 9, MailScanner v4.23-11, and Sophos v3.75
> Travis Taylor, EMail Administrator
We have the same situation here. Right now, I am trying to retreive the
Symantec quarantined documents, and will be sending them to Sophos.
I would suggest sending them yours, also.
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
More information about the MailScanner