Sophos missed MyDoom-A bounced msg

Spicer, Kevin Kevin.Spicer at BMRB.CO.UK
Tue Feb 10 13:55:59 GMT 2004

Martin Sapsed wrote:
> 20020401 at wrote:
> As an aside, looking at the message Travis pasted in, would the
> payload actually be identified as an attachment by any reasonable
> mail program? I realise that we ought to find everything but if the
> code isn't readily useable then how much does it matter that it got
> through? 
This issue is also receiving attention on the clam list..

I think its important (reputation wise) to detect everything we can - because some scanners do match it (Symantec has a signature for the encoded file for example), this makes it look like MailScanner/Clam/Sophos missed it (which they did, even though it doesn't really matter).  Also just because we can't unpack it doesn't mean that there isn't a more tolerent MUA out there that can.

BMRB International
+44 (0)20 8566 5000
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 

More information about the MailScanner mailing list