Sophos missed MyDoom-A bounced msg

Dustin Baer dustin.baer at IHS.COM
Mon Feb 9 17:09:55 GMT 2004

Travis Taylor wrote:
> We are trying to figure out how an email slipped past MailScanner with
> Sophos.  Symantec quarantined the message on the server when the user
> checked her mail this morning.
> The message was a bounce from a site that does not permit executables.
> Here is the message recovered from the quarantine server:
> [snip]
> So far MailScanner has caught 1817 MyDoom-A virus, with the exception of
> 27 MyDoom infected messages that slipped through during the window
> when the virus was released in the wild and before Sophos updated the
> definitions, MailScanner and Sophos has caught everyone since until now.
> Anyone got some ideas on what to check or how to verify this got
> through?
> Is this something we need to sent to Sophos?
> Using RH 9, MailScanner v4.23-11, and Sophos v3.75
> ---
> Travis Taylor, EMail Administrator


We have the same situation here.  Right now, I am trying to retreive the
Symantec quarantined documents, and will be sending them to Sophos.

I would suggest sending them yours, also.

Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112

More information about the MailScanner mailing list