bagle-i worm

Dan Newcombe Newcombe at MORDOR.CLAYTON.EDU
Tue Mar 2 17:43:24 GMT 2004


On Tue, 2 Mar 2004, Marco Obaid wrote:
> Sophos, in my case, has been able to intercept Bagle A through F. For some
> reason, it failed to do so for the Bagle.I. I am upgrading Sophos to the March
> release and will upgrade MS to latest-stable. Then I will test if Bagle.I will
> make it through this time before I re-allow zip attachments on my site.

Is Sophos supposed to be able to identify the password-protected zip file
or just the virus that's in the file itself?  I would guess that the
password is different from file to file making a signature very difficult.

Just can't win - instead of setting up an ftp server for
once-in-a-blue-moon files needed from off site, we asked people to just
send a pw-protected ZIP file, and now those are on the evil list.

Ah...Microsoft security.


