Novell is now a part of Micro Focus

Bugs Everywhere! Sober Virus revisited.

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 13 Dec 2005

A few weeks ago we ran a story encouraging GroupWise Administrators to run a sweep against their GroupWise Post Office database to look for viruses that had crept into the message store. Here is a follow-up from one organization that followed that advice:

Walton School District in Florida has an attentive staff that stays on top of virus outbreaks, but they knew that last month's Sober virus attack very possibly found a way to penetrate their email defenses. As a GWAVA customer, they read the article in Cool Solutions and decided to take advantage of the ability to scan their GroupWise Encrypted Databases for lurking viruses. They have 14 GroupWise post offices with approximately 1,000 users throughout the school district.

After scanning the first post office at the district headquarters, they immediately discovered more than 50 viruses hiding within their email system.

Bob Raffety, the GroupWise administrator for Walton School District was impressed that he quickly found so many viruses with GWAVA. "The Sober virus hit us hard," he said. "But we have gone the extra step to ensure that we remove all copies of the viruses from inside the system."

One question that always comes up is, How do these viruses get into the GroupWise Message Store even when aggressive desktop and perimeter gateway solutions are used? There are several ways. A fast-moving virus like Sober is in a race against time with Anti-Virus vendors. It is possible for the virus to slip past an AV Engine in the first few hours of the outbreak before the AV vendors have had time to respond to the new attack.

Also, the Web Access Gateway can allow viruses in. WebAccess delivers email directly to the GroupWise Message store without any scanning occurring. WASP from GWAVA was developed to protect the WebAccess from infecting GroupWise with viruses. You can find out more about WASP here.

The biggest threat is Outlook and users who are using POP3 or the new Outlook Plug-in. Most viruses are designed for Outlook, and if any of your users are using POP3 to access their email there is a good chance they are infecting the message store. GWAVA operates from inside of GroupWise, which often times prevents viruses from spreading within your organization, but the viruses can build up inside the Post Office and be sent back out via the Outlook client through other accounts the user might be using. In the case of Walton School District, the worst offender in the first post office was using POP3 to access their email and was sending out large amounts of viruses to people inside and outside the organization. The GWAVA scan has now cleaned that up and stopped that user from infecting others.

In case you missed it, check out the original article that explains how you can sweep your post office for viruses with GWAVA's Post Office Virus Scan. If you don't have GWAVA you can download a limited trial at

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates