Viruses apparently getting through

Gib Gilbertson Jr. gib at TMISNET.COM
Sun Dec 4 00:13:16 GMT 2005


At 05:40 PM 3/12/2005, you wrote:
>Sigh.  I think this is another OS-specific instance of Clam failing
>to catch Sober.U, noted by me earlier this week in this list.
>Try using the latest CVS version of Clam to see if this solves your
>Jeff Earickson
>Colby College

ClamAV is catching the Sober.U virus. Here is a typical entry from my maillog.

Dec  3 08:41:05 thumper MailScanner[11564]: Worm.Sober.U FOUND
Dec  3 08:41:05 thumper MailScanner[11564]: Virus Scanning: ClamAV found 1 infections
Dec  3 08:41:05 thumper MailScanner[11564]: Infected message jB3Gei3e027819 came from
Dec  3 08:41:05 thumper MailScanner[11564]: Virus Scanning: Found 1 viruses

This appears to be a virus called Win32.Sober.W!.ZIP according to 
ZoneAlarm Security Suite. Note the W in the virus name.


>On Sat, 3 Dec 2005, Gib Gilbertson Jr. wrote:
>>Date: Sat, 3 Dec 2005 13:21:13 +1000
>>From: Gib Gilbertson Jr. <gib at TMISNET.COM>
>>Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>Subject: Viruses apparently getting through
>>I'm seeing a lot of e-mails getting through that are caught by 
>>ZoneAlarm Security Suite and reported to be infected by the 
>>Win32.Sober.W!.ZIP virus. These are coming in as attachments with 
>>the extension .zm9 as reported by ZoneAlarm.
>>I am running the following on FreeBSD 4.10
>>MailScanner 4.32.4
>>ClamAV 0.87.1/1200
>>I've added a file types rule to deny \.zm9$ files
>>I'm still getting them in e-mail though.
>>Any thoughts?

      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      San Diego's Friendly ISP
