Sophos patch for MyDoom re-issued


Sophos patch for MyDoom re-issued

Cliff Saran
Anti-virus company Sophos has had to issue a new patch to correct flaws in the fix it released last week to protect users against the MyDoom worm. Sophos admitted that the original patch to its gateway software for enterprise users may not be able to detect MyDoom and could crash, locking up the server.

It also warned users of third-party anti-virus gateways that its Savi programming interface would also be affected by the flaw.

According to Phil Wood, product manager at Sophos, the problem was caused because some e-mail servers were not handling e-mail encoded in the Mime format correctly.

He said the server should stop any e-mail with errors in the Mime encoding, but that in some instances invalid messages were getting through. Such invalid Mime messages would cause the Sophos e-mail gateway software to crash. Wood said it was impossible to anticipate all types of malformed messages.

As well as crashing the Sophos gateway, the flaw may cause Sophos to fail to detect MyDoom when it is embedded in failed e-mail notifications sent from the qmail Unix mail server.

Independent security consultant Phil Cracknell said the problems with Sophos might have arisen because the MyDoom worm caught virus researchers by surprise. "Researchers cannot develop an antidote fast enough," he said. Cracknell believed that researchers had to rush out an anti-virus update before fully understanding the virus.

Affected users are advised to download the operating system-specific version of Sophos Anti-Virus.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy