mailscanner at mango.zw
Sat Feb 4 13:27:13 GMT 2006
> > > Naturally as long as everything is up to date things should be ok.
> > > People don't really know that a virus is going to happen before it does
> > > do they?
> > Only if the bug has a timer/date trigger in it. They get installed,
> > then lie in wait, and BAM do nasty things later. Once detected early,
> > we effectively reverse engineer the virus code, know that the virus will
> > trigger in the future, thus know it's going to happen before. Once users
> > update their scanning softs they can be assured the bug will be
> > eradicated before it triggers.
> > The media is a funny animal, they latch onto these bugs seemingly at
> > random, spreading doom and gloom, when we techs know that new bugs are
> > a daily occurrence, and are quickly and quietly squished by the anti-virus
> > community.

Of course the media loves to hype these things, but I think that this was
a valid case for some extra attention. Not only was the worm particularly
destructive (just one single infected machine on a network could have
destroyed all files in a shared folder on a file server that the machine
had access to), but early copies did manage to get through the virus
scanners and MailScanner itself. I have not come across that situation
since the Bagle worm with its password-protected zip files.

Because we log the attachments that are sent to users we were able to
determine that 6 of our 2500 members had received copies of the virus in
uuencoded form. One of those 6 then opened the attachment with WinZip and
got infected as a result. Fortunately we were able to clean up their
infection before Friday, so no damage was done.

I think the media hype was a useful wakeup call to ordinary users to get
them to update their antivirus software and to keep backups on separate
MANGO - Zimbabwe's non-profit e-mail service
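
The message above describes finding uuencoded copies of the worm through attachment logs. As an added example (not part of the original post and not MailScanner's own code), this sketch shows how a gateway log step could list files uuencoded inline in a plain-text body; the function names, the extension list and the sample body are assumptions constructed for illustration.

```python
import binascii
import re

# Assumed policy list for this example; adjust it to your own site.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
BEGIN_RE = re.compile(r"^begin ([0-7]{3,4}) (\S.*)$")


def find_uuencoded(body):
    """Return one record per uuencoded file embedded in a plain-text body."""
    found, cur = [], None
    for line in body.splitlines() + [None]:  # None marks end of message
        if cur is None:
            m = BEGIN_RE.match(line or "")
            if m:
                cur = {"name": m.group(2).strip(), "size": 0}
            continue
        if line and line.strip() != "end":
            try:
                cur["size"] += len(binascii.a2b_uu(line))
                continue  # valid data line, keep reading the block
            except ValueError:  # binascii.Error is a ValueError subclass
                pass  # not uuencoded data: the block was cut short
        cur["complete"] = line is not None and line.strip() == "end"
        # str.endswith accepts a tuple, so "x.jpg.scr" is caught as well
        cur["risky"] = cur["name"].lower().endswith(RISKY_EXT)
        found.append(cur)
        cur = None
    return found


def _uu(name, data):
    """Build a uuencoded block (used only for the constructed sample)."""
    rows = [binascii.b2a_uu(data[i:i + 45]).decode().rstrip("\n")
            for i in range(0, len(data), 45)]
    return "\n".join(["begin 644 " + name] + rows + ["`", "end"])


# Constructed sample body: one complete block, one truncated block.
SAMPLE = "\n".join([
    "Hi, the pictures are attached.",
    "",
    _uu("holiday.jpg.scr", bytes(range(100))),
    "",
    "begin 644 notes.txt",
    binascii.b2a_uu(b"cut off in transit").decode().rstrip("\n"),
])

if __name__ == "__main__":
    for rec in find_uuencoded(SAMPLE):
        print(rec)
```

Inline uuencoded files sit in the message text rather than in a MIME part, so a check that only walks MIME attachments will not see them.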