[Esd-l] Sober.l is sneaking through.
Smart,Dan
SmartD at VMCMAIL.com
Fri Feb 25 07:16:18 PST 2005
Sober.l E-mails with .zip attachments containing a .pif payload is sneaking
by Sanitizer. Not sure why. *.pif is in my zipped_poison list. I'm
wondering if this worm has found a way to bypass the zip checking code.
<<Dan>>
> -----Original Message-----
> From: Franks, Paul
> Sent: Friday, February 25, 2005 8:33 AM
> To: Omar Rodriguez (Omar_Rodriguez at mcafee.com)
> Cc: Ross, Cara; Smart,Dan
> Subject: FW: WebShield Alert
>
> Omar,
>
> I wanted to let you know that we webshield caught about 60
> emails this morning that contained the W32/Sober.l at MM!zip.
> I am not sure if this virus is growing or just an isolated issue.
>
> Paul
>
>
> -----Original Message-----
> From: WebShield [mailto:postmaster at cobhm101.na.vul.com]
> Sent: Friday, February 25, 2005 7:05 AM
> To: Franks, Paul; Ross, Cara; Johnson, Michael (Bham IS);
> Speer, Matt; Parker, Vincent
> Subject: WebShield Alert
>
> An Anti Virus detection has occurred. The content has been
> cleaned due to policy.
>
> Computer: cobhm101
> IP Address: 172.30.102.245
> DAT: 4433
> Engine: 4.4.00
> Detection(s): W32/Sober.l at MM!zip (virus) Scanned object:
> text_register.zip
> Subsystem: smtp
>
> Message generated by McAfee WebShield Appliance
More information about the esd-l
mailing list