bagle-i worm

Stephen Conway sconway at WLNET.COM
Tue Mar 2 17:25:07 GMT 2004

Good day:

Correct me if I am wrong, but if the zip is password protected, how would
the end user open it w/o a password?  So should I be worried if some get
through?  We have clients with slow satellite connections, so it is
difficult for them to upgrade their virus defs, so we are their only line of
defense.  Is there a way for Sophos to scan password protected zip files?



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Marco Obaid
Sent: Tuesday, March 02, 2004 12:12 PM
Subject: Re: bagle-i worm

I can confirm that Bagle-I worm did make it through our MS gateways. I am
running both Sophos and Command AV (up-to-date) and both let it slip.
We are running MS 4.26.8-1 and will upgrade to the latest one soon, if it
helps. Meanwhile, I have blocked zip files temporarily.

Quoting Derek Winkler <dwinkler at ALGORITHMICS.COM>:

> For Bagle-H Sophos included this note:
> "W32/Bagle-H sends itself as a password protected ZIP file that is not
> detected by this identity. However, when unzipped by the user the worm
> will be detected by Sophos Anti-Virus at the user's desktop."
> May be true of Bagle-I since it also uses password protected ZIP files as
> well, although they didn't specifically say.
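
An added example, not part of the original thread and not MailScanner or Sophos code: a gateway cannot read the contents of a password-protected ZIP, but the ZIP headers are stored unencrypted, and bit 0 of each member's general purpose bit flag marks it as encrypted, so such archives can be quarantined without blocking every zip. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general purpose bit flag


def encrypted_members(data: bytes) -> list[str]:
    """Return names of members whose header marks them as encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zi.filename for zi in zf.infolist()
                if zi.flag_bits & ENCRYPTED_FLAG]


def gateway_verdict(data: bytes) -> str:
    """Hypothetical attachment policy: quarantine what the scanner cannot read."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        names = encrypted_members(data)
    except zipfile.BadZipFile:
        return "quarantine: malformed zip"
    if names:
        return "quarantine: encrypted members " + ", ".join(names)
    return "scan: contents readable by AV"


def constructed_sample(encrypted: bool) -> bytes:
    """Build a harmless one-file archive; optionally mark it as encrypted.

    Python's zipfile cannot write encrypted archives, so the flag bit is
    patched into the local header (offset 6) and the central directory
    entry (offset 8). Only the header is changed, which is all the check reads.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed sample, harmless text")
    raw = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig) + off
            flags = struct.unpack_from("<H", raw, pos)[0]
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    print(gateway_verdict(constructed_sample(encrypted=True)))
    print(gateway_verdict(constructed_sample(encrypted=False)))
```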
