Mydoom Virus getting Through

Kyle Harris lists at TRCINTL.COM
Tue Feb 10 20:04:31 GMT 2004 

On Tue, 10 Feb 2004 19:32:42 +0000, Julian Field
<mailscanner at ECS.SOTON.AC.UK> wrote:

>At 19:26 10/02/2004, you wrote:
>>I have been running MailScanner for quite some time and it has
successfully
>>found literally thousands of e-mail's infected with the Mydoom virus, as
>>well as many others.  However, I have noticed that every now and then for
>>whatever reason one seems to slip through MailScanner.  The reason I know
>>this is that my mail is first scanned with MailScanner (using eTrust
>>Antivirus 7.0) and then it is sent on to another machine running
TrendMicro
>>InterScan VirusWall (I had that in place before MailScanner).
>>
>>On about 4 occasions since the outbreak of Mydoom, a copy of the virus has
>>made it through MailScanner undetected and has then been caught by the
>>TrendMicro product.  I had it happen several times already today.  I
>>checked the e-mail ID and I see in the log on MailScanner where it passed
>>through without a hitch.
>>
>>I seem to recall someone posting something earlier about this occuring
>>while using the Sophos antivirus product.  I just thought this might be
>>something to take note of.  By the way, I am currently using MailScanner
>>version 4.26.8 and my virus signatures are up to date.  TrendMicro
>>InterScan VirusWall reports the e-mail messages in question as having
>>Mydoom.A.
>
>Can you set "Quarantine Whole Message = yes" and send me the quarantined
>copy of one that get through please? You will need to put it in a
>password-protected zip file to get to me.

I would be more than happy to do this as I have already received two more
since I posted this, but won't it only quarantine something if it finds a
virus in it?  Since MailScanner is not finding anything wrong with the
messages in question, it is sending them on.

Kyle H.




>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list