bagle-i worm
Marco Obaid
marco at MUW.EDU
Tue Mar 2 17:12:22 GMT 2004
I can confirm that Bagle-I worm did make it through our MS gateways. I am
running both Sophos and Command AV (up-to-date) and both let it slip through.
We are running MS 4.26.8-1 and will upgrade to the latest one soon, if it
helps. Meanwhile, I have blocked zip files temporarily.
Quoting Derek Winkler <dwinkler at ALGORITHMICS.COM>:
> For Bagle-H Sophos included this note:
>
> "W32/Bagle-H sends itself as a password protected ZIP file that is not
> detected by this identity. However, when unzipped by the user the worm will
> be detected by Sophos Anti-Virus at the user's desktop."
>
> May be true of Bagle-I since it also uses password protected ZIP files as
> well, although they didn't specifically say.
>
More information about the MailScanner
mailing list