On Sun, 31 Aug 2003, Bill Campbell wrote: > On Sun, Aug 31, 2003, Gerry Doris wrote: > >I have received several emails infected with Sobig.F supposedly from > >the list as well a pile of notices from various list members that they > >received infected messages. > > Most of the e-mail worms that attack the Microsoft virus, Windows forge the > headers so they appear to some somebody other than the real sender. > > I'm getting a fairly large number of virus notices from brain-dead virus > scanners addressed to [EMAIL PROTECTED] (not the capitilzation) saying > that I sent them a virus. The only place my e-mail address appears > capitalized like that is in the signature block of my e-mails or perhaps in > some rather ancient usenet news postings (at least 10 years old). I don't > do e-mail on any Windows machines, and never have. The only times I've > ever run OutLook has been to go through the menus to figure out how to > specify server addresses, and once to see how Caldera's Volution Messaging > System's one-click configuration worked. > > My guess is that the volume of mail messages from the so-called virus > scanning software to the forged sender addresses probably is greater than > the volume of actual worms. > > Bill
I believe that Doug is using ClamAV to scan the list messages. I'm using ClamAV as well as F-Prot and TrendMicro. Only F-Prot and Trend are picking up this variant of Sobig.F for me. ClamAV seems to be missing them. I even tried scanning my quarantine directory and ClamAV still misses the virus. Yes. I'm using the latest ClamAV signatures. I suspect these virii are coming through the list. I could be wrong since Sobig forges the headers but I think they're slipping through. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users