A cautionary tale of Sophos and MS

Julian Field MailScanner at ecs.soton.ac.uk
Mon Feb 6 11:40:06 GMT 2006


On 6 Feb 2006, at 11:22, Peter Bates wrote:
> Hello all...
> I arrived in this morning to assorted clamouring about
> a lack of external email.
> Looking closer, I could see that after the autoupdate of Sophos
> on Saturday night just after midnight, the version was 'out of date'
> so started throwing:
> Feb  4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The
> main body of virus data is out of date (542)::
> ./AE3CA13F8E4.6C3F0/msg-11382-11.txt
> End result was all our external (in/out) email over the weekend has
> disappeared into the great bitbucket in the sky as this was then  
> tagged
> as a 'Silent virus' and not quarantined.
> Entirely my fault for not updating Sophos for a couple of months, but
> might be something worth considering to include in 'Allowed Sophos  
> Error
> Messages' if you're a Sophos user... that or still quarantine silent
> viruses and clear the quarantine out from time to time.

Eek! Sorry that happened. I have added that text to the list I supply  
in the sample line just above the real line.
Do you think I should make the default setting this:

Allowed Sophos Error Messages = "corrupt", "format not supported",  
"File was encrypted", "The main body of virus data is out of date"

Any there that shouldn't be there by default?
Your thoughts please...

- -- 
Julian Field
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Version: PGP Desktop 9.0.4 (Build 4042)


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list