Sophos missed MyDoom-A bounced msg

Martin Sapsed m.sapsed at BANGOR.AC.UK
Tue Feb 10 13:38:59 GMT 2004

20020401 at wrote:
> On a side note, I decided to send the quarantined message as an
> attachment to myself and MailScanner/Sophos caught it.  Though when I
> pasted the infected bounced message in the body of a message and sent
> it to myself it slipped through without being detected.  I'm wondering
> if this has something to do with how the message is encoded (mime,
> uuencode, etc).

Someone's already mentioned 3.78d although a MailScanner user in Germany
has contacted me after my message about 3.78d the other day to say that
he's got a problem with Sophos and some MyDooms and 3.78d didn't fix it.

As an aside, looking at the message Travis pasted in, would the payload
actually be identified as an attachment by any reasonable mail program?
I realise that we ought to find everything but if the code isn't readily
useable then how much does it matter that it got through?



Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth
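
The difference discussed in this thread, between a sample sent as a real attachment and the same message source pasted into a body, can be seen from a MIME parser's point of view. This is an added example, not part of the original post and not MailScanner or Sophos code; the payload is constructed harmless text, and the function names and `sample.bin` are assumptions.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless stand-in for an attachment payload (not malware).
PAYLOAD = b"constructed sample bytes, not malware\n" * 3

def build_attached():
    """The sample sent as a genuine MIME attachment."""
    msg = EmailMessage()
    msg["Subject"] = "sample as attachment"
    msg.set_content("See attached.")
    msg.add_attachment(PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()

def build_pasted():
    """The raw source of that message pasted into a plain-text body."""
    inner = build_attached().decode("ascii")
    msg = EmailMessage()
    msg["Subject"] = "sample pasted into body"
    msg.set_content(inner)
    return msg.as_bytes()

def attachment_names(raw):
    """Filenames a MIME-aware parser would extract as attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [part.get_filename() for part in msg.iter_attachments()]

def body_has_encoded_payload(raw):
    """True if the base64 text of PAYLOAD sits inside the plain-text body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    marker = base64.b64encode(PAYLOAD).decode()[:60]
    return body is not None and marker in body.get_content()

if __name__ == "__main__":
    for label, raw in (("attached", build_attached()),
                       ("pasted", build_pasted())):
        print(label, attachment_names(raw), body_has_encoded_payload(raw))
```

In the pasted case the encoded bytes are still present, but only as body text: the parser reports no attachment, so there is nothing for a mail program to offer as a file and nothing for a structure-driven scanner to extract and decode.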
