Mydoom Virus getting Through

Jason Balicki kodak at FRONTIERHOMEMORTGAGE.COM
Tue Feb 10 19:37:22 GMT 2004


>I seem to recall someone posting something earlier about this occuring
>while using the Sophos antivirus product.  I just thought this might be
>something to take note of.  By the way, I am currently using
>MailScanner
>version 4.26.8 and my virus signatures are up to date.  TrendMicro
>InterScan VirusWall reports the e-mail messages in question as having
>Mydoom.A.

There are issues with some MTAs bouncing MyDoom with munged-up
MIME attachments, making it difficult for email virus scanners
to detect.  I honestly don't know if this is the domain of
the anti-virus product or MailScanner (or it's equivilent.)

Also, I've gotten quite a few through Mailscanner + Sophos
as well, but when examined the attachments were 0 bytes.
This may not be the case with you, but in my case it wasn't
being detected because there was nothing to detect.  It's
possible that Trend sees something in the message itself
(as opposed to the attachment) and calls it "MyDoom" even
though it's not executable.

I would also reccomend adding clamav to your setup.  It's
free and very, very good -- if one doesn't hit the other
probably will.

YMMV, of course.  HTH,

--J(K)



More information about the MailScanner mailing list