does SophosSAVI detect trojans?
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Fri Oct 28 13:06:17 IST 2005
Greg
Nope - sometimes it will let the email through, as it's only a html url to
the actual malware.
It will trigger on VBS macro issues....
BUT the problem is still at the desktop, so you still need AV there.
Can't see any reference to the looksky-b stuff anywhere, do you mean
netsky-b? In which case yes Sophos will detects that fine (looking at my
logs for the last few week there's still lots of them about.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Greg Matthews
> Sent: 28 October 2005 12:19
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] does SophosSAVI detect trojans?
>
> On Fri, 2005-10-28 at 12:01 +0100, Martin Hepworth wrote:
> > Greg
> >
> > Should do, but of the Trojans etc won't hit till you try and execute the
> > linked html program on the PC.
> >
> > Ie you still protection on PC if the email gets through the the user
> selects
> > to download to crud
>
> so for instance, the virus detected by sophos might be w32/mytob-xx but
> the payload or download is some troj/foobar - is that what you are
> saying?
>
> On Fri, 2005-10-28 at 12:09 +0100, Julian Field wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Please see www.sophos.com.
>
> well I've looked there (obviously). perhaps I'm dumb or blind, I cant
> see this explained. I'm just guessing that SAVI detects the viruses
> inline while the desktop product detects the troj/ vbs/ etc payloads.
> But this is just a guess. I'm looking for technical reassurance!
>
> This all came about because one of our users wanted to know that we were
> catching the (Symantec named) looksky-b trojan. So far I've found it
> impossible to tell for sure as I dont use symantec on the relays.
>
> GREG
>
> >
> > --
> > Martin Hepworth
>
> --
> Greg Matthews 01491 692445
> Head of UNIX/Linux, iTSS Wallingford
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list