Mydoom Virus getting Through

Drew Marshall drew at THEMARSHALLS.CO.UK
Wed Feb 11 20:37:35 GMT 2004


Daniel Kleinsinger wrote:

> Julian Field wrote:
>
>> The message that contained the MyDoom that got through Sophos (before
>> 3.78d) was actually a bounce from another mail server that included the
>> entire text of the original message.
>>
>> Fortunately it's not been a big problem so far, but I would quite
>> like to fix it if I can.
>
> I'm running Sophos in addition to Trend and F-Prot.  Using MailWatch I
> checked which viruses got caught by which scanner and before installing
> 3.78d Sophos was catching a few less MyDoom.A (5-20 of 300-500 total
> MyDoom.A slipped past Sophos every day).  Since installing 3.78d
> (yesterday) Sophos is catching all that Trend and F-Prot are.  There
> still seem to be some people having issues with 3.78d, but in my case it
> seems like it was a problem with Sophos, not MailScanner.
>
> Daniel

I would suggest that this is as much an antivirus issue. I run F-Prot and
Antivir and until Antivir updated their engine about a week ago only
F-Prot was reliably catching the bounce messages with the original
message attached. With the new engine, all is well again and both are
catching them. Looks like F-Prot had a better message scanning engine
than the others had at the time.

Drew

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy


