Mydoom Virus getting Through

Drew Marshall drew at THEMARSHALLS.CO.UK
Wed Feb 11 20:37:35 GMT 2004

Daniel Kleinsinger wrote:

> Julian Field wrote:
>> The message that contained the MyDoom that got through Sophos (before
>> 3.78d) was actually a bounce from another mail server that included the
>> entire text of the original message.
>> Fortunately it's not been a big problem so far, but I would quite
>> like to fix it if I can.
> I'm running Sophos in addition to Trend and F-Prot.  Using MailWatch I
> checked which virii got caught by which scanner and before installing
> 3.78d Sophos was catching a few less MyDoom.A (5-20 of 300-500 total
> MyDoom.A slipped past Sophos everyday).  Since installing 3.78d
> (yesterday) Sophos is catching all that Trend and F-Prot are.  There
> still seem to be some people having issues with 3.78d, but in my case it
> seems like it was a problem with Sophos, not MailScanner.
> Daniel

I would suggest that this as much an antivirus issue. I run F-prot and
Antivir and until Antivir updated their engine about a week ago only
F-prot was reliably catching the bounce messages with the original
message attached. With the new engine, all is well again and both are
catching them. Looks like F-Prot had a better message scanning engine
than the others had at the time.


In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.

More information about the MailScanner mailing list