Sophos missed MyDoom-A bounced msg

Julian Field mailscanner at ecs.soton.ac.uk
Mon Feb 9 20:11:14 GMT 2004


At 17:37 09/02/2004, you wrote:
>Travis Taylor wrote:
>>>Travis,
>>>
>>>We have the same situation here.  Right now, I am trying to retrieve
>>>the Symantec quarantined documents, and will be sending them to Sophos.
>>>
>>>I would suggest sending them yours, also.
>>>
>>>Dustin
>>>--
>>>Dustin Baer
>>>Unix Administrator/Postmaster
>>>Information Handling Services
>>>15 Inverness Way East
>>>Englewood, CO 80112
>>>303-397-2836
>>
>>
>>I'm in the process of sending it to sophos now, Dustin.
>>
>>On a side note, I decided to send the quarantined message as an
>>attachment to myself and MailScanner/Sophos caught it.  Though when I
>>pasted the infected bounced message in the body of a message and sent
>>it to myself it slipped through without being detected.  I'm wondering
>>if this has something to do with how the message is encoded (mime,
>>uuencode, etc).
>>
>
>This is a known issue with MailScanner and specifically one of the Perl
>modules it uses.
>
>From memory Julian asked for anyone with such an email to forward it
>direct to him (not the list) so he can investigate the problem.
>
>I hope Julian doesn't shoot me for getting people to send him viruses.
>
>You might want to email him beforehand to warn him an example is on the
>way!

We have seen some cases where Sophos with MailScanner failed to spot a
MyDoom. But F-Prot on the same system (running as a secondary scanner)
spotted the virus just fine. So somehow Sophos is missing it when F-Prot is
finding it.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


