A cautionary tale of Sophos and MS

Julian Field MailScanner at ecs.soton.ac.uk
Mon Feb 6 11:40:06 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----

On 6 Feb 2006, at 11:22, Peter Bates wrote:
>
> Hello all...
>
> I arrived in this morning to assorted clamouring about
> a lack of external email.
>
> Looking closer, I could see that after the autoupdate of Sophos
> on Saturday night just after midnight, the version was 'out of date'
> so started throwing:
>
> Feb  4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The
> main body of virus data is out of date (542)::
> ./AE3CA13F8E4.6C3F0/msg-11382-11.txt
>
> End result was all our external (in/out) email over the weekend has
> disappeared into the great bitbucket in the sky as this was then  
> tagged
> as a 'Silent virus' and not quarantined.
>
> Entirely my fault for not updating Sophos for a couple of months, but
> might be something worth considering to include in 'Allowed Sophos  
> Error
> Messages' if you're a Sophos user... that or still quarantine silent
> viruses and clear the quarantine out from time to time.

Eek! Sorry that happened. I have added that text to the list I supply  
in the sample line just above the real line.
Do you think I should make the default setting this:

Allowed Sophos Error Messages = "corrupt", "format not supported",  
"File was encrypted", "The main body of virus data is out of date"

Any there that shouldn't be there by default?
Your thoughts please...


- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)

iQEVAwUBQ+c1m/w32o+k+q+hAQHW4Af/SH6g8rlzZSvNhs50rSqAx2vPukX1S/Ma
9CC/kxAy4FiWildo15BS4ZQ/xpDU/8EwM67HuwPyXdxB2TjEYZC7lLAByIMhrzcU
pmz9Tzpr6TxXsfaGa+Id8E5mcHPe6g+NjddGCkrDl8c+/ZnXou14kVsYv4UpYwsK
1BcnbtgjfI6H85lU2h6UUHOwEnvY1NZSxJQtUXhgQgIA8Vdm5cnkJZNK7XpV5hh/
gMqx+WF4fpd+TMOPfROoFyiZJ7FFsIGx1GyjOx9yyuYnPDZ9DbwUybitIZ8KcbZZ
gnRqSUma/d+jX7iXXIq/gFLa7F+15bcpodYYeCJX7wPWSQpKBzd9ag==
=WZ43
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list