Mydoom Virus getting Through

Admin Team sysadmins at ENHTECH.COM
Tue Feb 10 19:51:28 GMT 2004


At 02:26 PM 2/10/2004, you wrote:
>I have been running MailScanner for quite some time and it has successfully
>found literally thousands of e-mails infected with the Mydoom virus, as
>well as many others.  However, I have noticed that every now and then for
>whatever reason one seems to slip through MailScanner.  The reason I know
>this is that my mail is first scanned with MailScanner (using eTrust
>Antivirus 7.0) and then it is sent on to another machine running TrendMicro
>InterScan VirusWall (I had that in place before MailScanner).
>
>On about 4 occasions since the outbreak of Mydoom, a copy of the virus has
>made it through MailScanner undetected and has then been caught by the
>TrendMicro product.  I had it happen several times already today.  I
>checked the e-mail ID and I see in the log on MailScanner where it passed
>through without a hitch.
>
>I seem to recall someone posting something earlier about this occurring
>while using the Sophos antivirus product.  I just thought this might be
>something to take note of.  By the way, I am currently using MailScanner
>version 4.26.8 and my virus signatures are up to date.  TrendMicro
>InterScan VirusWall reports the e-mail messages in question as having
>Mydoom.A.

I know this is obvious for some, but still. Check your original message
headers if you can. If your final SMTP server is not protected from the
Internet, it may be open to receive messages that were not routed through
MX records. We are seeing some of this lately.


Regards,

Errol Neal
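
Added example, not part of the original post: one way to run the header check suggested above is to read the `Received` line stamped by the final server and see whether the peer it recorded was the MailScanner gateway. The hostnames, addresses and sample messages are constructed, and the regex assumes the sendmail/Postfix `from helo (rdns [ip]) by host` layout.

```python
import re
from email import message_from_string

GATEWAY_IP = "192.0.2.10"             # assumed address of the MailScanner MX host
FINAL_HOST = "viruswall.example.com"  # assumed name the final server stamps after "by"

# "from <helo> (<rdns> [<ip>]) ... by <host>" as sendmail and Postfix write it
HOP = re.compile(r"from\s+\S+\s*\((?P<peer>[^)]*)\).*?\bby\s+(?P<by>[^\s;]+)", re.I | re.S)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def final_hop_peer(raw, final_host=FINAL_HOST):
    """Peer IP recorded by the final server itself, or None if it cannot be read."""
    # Headers are prepended, so the topmost line stamped by final_host is the
    # genuine one; anything below it was supplied by the sender and may be forged.
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m and m.group("by").lower() == final_host:
            ip = IPV4.search(m.group("peer"))
            return ip.group(1) if ip else None
    return None

def bypassed_gateway(raw, gateway_ip=GATEWAY_IP, final_host=FINAL_HOST):
    """True when the final server took the message from anything but the gateway."""
    return final_hop_peer(raw, final_host) != gateway_ip

# Constructed sample headers (documentation addresses, not real traffic)
VIA_GATEWAY = """\
Received: from mailscanner.example.com (mailscanner.example.com [192.0.2.10])
    by viruswall.example.com with ESMTP id A1; Tue, 10 Feb 2004 19:51:28 GMT
Received: from sender.example.net (sender.example.net [203.0.113.50])
    by mailscanner.example.com with ESMTP id B2; Tue, 10 Feb 2004 19:51:27 GMT
Subject: routed through the MX

body
"""
# DIRECT carries a constructed lower Received line that falsely claims the gateway path
DIRECT = """\
Received: from sender.example.net (sender.example.net [203.0.113.50])
    by viruswall.example.com with ESMTP id C3; Tue, 10 Feb 2004 19:51:28 GMT
Received: from mailscanner.example.com (mailscanner.example.com [192.0.2.10])
    by viruswall.example.com with ESMTP id D4; Tue, 10 Feb 2004 19:51:27 GMT
Subject: delivered straight to the final server

body
"""

if __name__ == "__main__":
    for name, raw in (("VIA_GATEWAY", VIA_GATEWAY), ("DIRECT", DIRECT)):
        print(name, final_hop_peer(raw), "bypassed" if bypassed_gateway(raw) else "ok")
```

A `True` result for a message that the downstream scanner flagged means the final server accepted SMTP from a host other than the gateway, so MailScanner never saw that message.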


