Mydoom Virus getting Through

Kyle Harris lists at TRCINTL.COM
Tue Feb 10 19:58:56 GMT 2004


On Tue, 10 Feb 2004 14:51:28 -0500, Admin Team <sysadmins at ENHTECH.COM>
wrote:

>At 02:26 PM 2/10/2004, you wrote:
>>I have been running MailScanner for quite some time and it has
successfully
>>found literally thousands of e-mail's infected with the Mydoom virus, as
>>well as many others.  However, I have noticed that every now and then for
>>whatever reason one seems to slip through MailScanner.  The reason I know
>>this is that my mail is first scanned with MailScanner (using eTrust
>>Antivirus 7.0) and then it is sent on to another machine running
TrendMicro
>>InterScan VirusWall (I had that in place before MailScanner).
>>
>>On about 4 occasions since the outbreak of Mydoom, a copy of the virus has
>>made it through MailScanner undetected and has then been caught by the
>>TrendMicro product.  I had it happen several times already today.  I
>>checked the e-mail ID and I see in the log on MailScanner where it passed
>>through without a hitch.
>>
>>I seem to recall someone posting something earlier about this occuring
>>while using the Sophos antivirus product.  I just thought this might be
>>something to take note of.  By the way, I am currently using MailScanner
>>version 4.26.8 and my virus signatures are up to date.  TrendMicro
>>InterScan VirusWall reports the e-mail messages in question as having
>>Mydoom.A.
>
>I know this is obvious for some, but still. Check your original message
>headers if you can. If your final SMTP server is not
>protected from the Internet, it may be open to receive message that were
>not routed through MX records. We are seeing
>some of this lately.

The messages in question never get to the final SMTP server (which, by the
way is protected from the Internet).  The messages in question are clearly
going through MailScanner, but thanks anyway.

>
>
>Regards,
>
>Errol Neal



More information about the MailScanner mailing list