Mydoom Virus getting Through
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Feb 10 20:44:18 GMT 2004
At 20:04 10/02/2004, you wrote:
>On Tue, 10 Feb 2004 19:32:42 +0000, Julian Field
><mailscanner at ECS.SOTON.AC.UK> wrote:
>
> >At 19:26 10/02/2004, you wrote:
> >>I have been running MailScanner for quite some time and it has successfully
> >>found literally thousands of e-mails infected with the Mydoom virus, as
> >>well as many others. However, I have noticed that every now and then for
> >>whatever reason one seems to slip through MailScanner. The reason I know
> >>this is that my mail is first scanned with MailScanner (using eTrust
> >>Antivirus 7.0) and then it is sent on to another machine running TrendMicro
> >>InterScan VirusWall (I had that in place before MailScanner).
> >>
> >>On about 4 occasions since the outbreak of Mydoom, a copy of the virus has
> >>made it through MailScanner undetected and has then been caught by the
> >>TrendMicro product. I had it happen several times already today. I
> >>checked the e-mail ID and I see in the log on MailScanner where it passed
> >>through without a hitch.
> >>
> >>I seem to recall someone posting something earlier about this occurring
> >>while using the Sophos antivirus product. I just thought this might be
> >>something to take note of. By the way, I am currently using MailScanner
> >>version 4.26.8 and my virus signatures are up to date. TrendMicro
> >>InterScan VirusWall reports the e-mail messages in question as having
> >>Mydoom.A.
> >
> >Can you set "Quarantine Whole Message = yes" and send me the quarantined
> >copy of one that gets through please? You will need to put it in a
> >password-protected zip file to get to me.
>
>I would be more than happy to do this as I have already received two more
>since I posted this, but won't it only quarantine something if it finds a
>virus in it? Since MailScanner is not finding anything wrong with the
>messages in question, it is sending them on.
Either dig out the message as finally delivered (lift it out of the mailbox
completely intact) or just use "Archive Mail" to store absolutely
everything until you know you've found one. Then switch off "Archive Mail"
again.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654