BAGLE.F worm Linux MAIL SERVER problem


buttollo
June 10th, 2004, 04:11 PM
Hello,

My name is Mihai and I am from Romania. I am very glad that I found this forum because I want to clarify how the BAGLE.F worm works.
I am a reseller of NOD32 and this morning I received an email from a very important and special client who notified me that this kind of worm is not blocked under Linux Mail Server. The message was encrypted with a password, and the antivirus software checked it and let the infested email be delivered to the email account. So, the virus passed the mail server and it was delivered to the workstation. Here, the Norman Antivirus (NVC) captured it and blocked it... so, how can I explain this to my client?

Please help as soon as you can...
Thank you very much. You're doing a good job...
I'll have a long, long night...

Arin
June 10th, 2004, 05:01 PM
Dear Mihai, some Bagle variants arrive in emails as a password-protected archive. As the archive is locked by a password, most antivirus software can't peek inside it, so the file isn't scanned. But during decompression the virus is detected, so there is no chance of infection. It's quite normal that NOD32 failed to detect it. If you want more information about this bug, click here (http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.f@mm.html).
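
Added example, not part of the thread or of any vendor's product: because a scanner cannot open a password-protected archive, a mail gateway can instead flag ZIP attachments whose entries carry the "encrypted" bit and hold them for policy handling. The function names and the sample message below are constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose bit 0: entry is password-protected


def unscannable_attachments(raw_message: bytes) -> list[tuple[str, list[str]]]:
    """Return (attachment name, [encrypted members]) for every ZIP attachment
    that holds entries a content scanner cannot open."""
    msg = email.message_from_bytes(raw_message)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Sniff by content: filename and MIME type are sender-controlled.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                locked = [i.filename for i in zf.infolist()
                          if i.flag_bits & ENCRYPTED_FLAG]
        except zipfile.BadZipFile:
            locked = ["<unreadable archive>"]  # cannot be scanned either
        if locked:
            findings.append((name, locked))
    return findings


def build_sample(encrypted: bool) -> bytes:
    """Constructed test message with one ZIP attachment (hypothetical names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt", b"constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted entries, so set bit 0 of the flags
        # field (offset 8) in the central-directory header by hand.
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="octet-stream", filename="info.zip")
    return msg.as_bytes()
```

A gateway filter would call `unscannable_attachments()` on each incoming message and quarantine or tag any message for which it returns a non-empty list.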

buttollo
June 11th, 2004, 05:52 AM
Thank you very much for your support...
I want to ask you if you know which vendor can defeat this type of infection on a Linux Mail Server. Does it exist?

Thanks again ...

Arin
June 11th, 2004, 02:25 PM
Dear buttollo, glad to be of any help. Please visit these links and decide for yourself what you want. The first one is a software product and the second one is a service.

Link1 (http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html) and Link2 (http://www.f-prot.com/products/corporate_users/aves/).