Occasionally I read about known viruses slipping through Modus AV. Today I also had such an issue.
Currently W32.Bagle is big in Europe and we received a ton of them today. All were nicely captured by the AV module, only in the middle of the field one slipped through the AV module. As we configured Modus to have AV scanning first and attachment scanning later, this one fortunately then was captured by the attachment scanning module, but created an error message in the Windows 2000 log when Modus wanted to give a warning to the sender: 2004-01-19,12:42:16,MODUSCAN,Error,5896 An error occured while writing quarantine message: F:\MODMAIL\spool\invirus\B0001005627.MSG (Error = failed to compose warning message) As I can access the blocked message in the attachment quarantine I attach it to this mail (the zip password is "bagle"). The message looks perfectly intact and not like a damaged attachment, it also gives my a virus warning on my working pc. It really looks like Norman just had a bad day here. btw: as 'Bagle' is just another example of a worm using forged sender addresses, I recommend again NOT to send out warning messages for viruses, as this will just add to the worm damages via confusion. I recommend this sequence for AV scanning: 1. AV scanning FIRST with no warnings to senders 2. ATTACHMENT scanning with warnings to senders Kai Fiebach Musikhochschule Luebeck, Germany http://www.mh-luebeck.de
slip.zip
Description: Binary data
