Sophos missed MyDoom-A bounced msg
Spicer, Kevin
Kevin.Spicer at BMRB.CO.UK
Tue Feb 10 13:55:59 GMT 2004
Martin Sapsed wrote:
> 20020401 at duh.net wrote:
> As an aside, looking at the message Travis pasted in, would the
> payload actually be identified as an attachment by any reasonable
> mail program? I realise that we ought to find everything but if the
> code isn't readily useable then how much does it matter that it got
> through?
>
This issue is also receiving attention on the clam list..
I think its important (reputation wise) to detect everything we can - because some scanners do match it (Symantec has a signature for the encoded file for example), this makes it look like MailScanner/Clam/Sophos missed it (which they did, even though it doesn't really matter). Also just because we can't unpack it doesn't mean that there isn't a more tolerent MUA out there that can.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
More information about the MailScanner
mailing list