W32/Bagle-Zip
Martin Sapsed
m.sapsed at BANGOR.AC.UK
Thu Mar 4 17:59:55 GMT 2004
Ryan Pitt wrote:
> Hirsh, Joshua wrote:
>> Looks like Sophos is now matching against the passworded zip's for the
>> Bagle
>> strains:
>>
>> http://www.sophos.com/virusinfo/analyses/w32baglezip.html
>
> This baglezip ide was downloaded automatically, so I temporarily
> *allowed* .zip files to pass through MailScanner and sent a copy of
> Bagle-K through and Sophos still does not detect it.
> I'm not sure exactly what this definition is supposed to do thats
> different.
This is certainly catching a number of messages for us. I understand
that this matches the encrypted zip files for Bagles H-K as opposed to
the decrypted contents.
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
More information about the MailScanner
mailing list