bagle-i worm

Julian Field mailscanner at ecs.soton.ac.uk
Tue Mar 2 19:20:00 GMT 2004


Short answer is "no there isn't". Upgrade to the latest beta release of
MailScanner and you will be protected against password-encrypted zip files,
which is about the only way to stop this at the gateway.

At 17:25 02/03/2004, you wrote:
>Good day:
>
>Correct me if I am wrong, but if the zip is password protected, how would
>the end user open it w/o a password?  So should I be worried if some get
>through?  We have clients with slow Satellite connections, so it is
>difficult for them to upgrade their virus defs, so we are their only line of
>defense.  Is there a way for Sophos to scan password protected zip files?
>
>Thanks,
>
>SC
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
>Of Marco Obaid
>Sent: Tuesday, March 02, 2004 12:12 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: bagle-i worm
>
>I can confirm that Bagle-I worm did make it through our MS gateways. I am
>running both Sophos and Command AV (up-to-date) and both let it slip
>through.
>We are running MS 4.26.8-1 and will upgrade to the latest one soon, if it
>helps. Meanwhile, I have blocked zip files temporarily.
>
>
>Quoting Derek Winkler <dwinkler at ALGORITHMICS.COM>:
>
> > For Bagle-H Sophos included this note:
> >
> > "W32/Bagle-H sends itself as a password protected ZIP file that is not
> > detected by this identity. However, when unzipped by the user the worm
> > will be detected by Sophos Anti-Virus at the user's desktop."
> >
> > May be true of Bagle-I since it also uses password protected ZIP files as
> > well, although they didn't specifically say.
> >

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
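
A gateway cannot scan inside a password-encrypted ZIP, but it can see that the archive is encrypted: each entry carries a general-purpose flag whose bit 0 marks encryption. The following is an added example, not part of the original message and not MailScanner's code; the function names and the quarantine policy are assumptions made for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry is encrypted
LOCAL_SIG = b"PK\x03\x04"


def encrypted_members(data: bytes) -> list[str]:
    """Return names of ZIP members marked encrypted in either header copy."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            central = info.flag_bits & ENCRYPTED
            # The local header repeats the flags; check it too, since the
            # two copies can disagree in a malformed archive.
            off = info.header_offset
            local = 0
            if data[off:off + 4] == LOCAL_SIG:
                (flags,) = struct.unpack_from("<H", data, off + 6)
                local = flags & ENCRYPTED
            if central or local:
                hits.append(info.filename)
    return hits


def gateway_verdict(data: bytes) -> str:
    """Assumed policy: quarantine anything the scanner cannot look inside."""
    try:
        return "quarantine" if encrypted_members(data) else "scan"
    except zipfile.BadZipFile:
        return "quarantine"  # unparsable archive is also unscannable


def _sample_zip(mark_encrypted: bool) -> bytes:
    """Constructed sample: a one-file ZIP, optionally with bit 0 forced on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed test data")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        raw[6] |= ENCRYPTED  # flags field in local header (offset 6)
        cd = raw.find(b"PK\x01\x02")
        raw[cd + 8] |= ENCRYPTED  # flags field in central directory (offset 8)
    return bytes(raw)
```

The check reads only headers, so it needs no password and never decompresses the payload.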


