Statement from Sophos
The February 2002 edition of PC Answers magazine contains a
comparative review of anti-virus products.
The review claims that Sophos is incapable of detecting the
LoveLetter and Melissa viruses. The review makes similar claims
about some other anti-virus products such as Trend PC-Cillin and
Sophos has been in touch with Future Publishing, the publishers
of PC Answers, and acquired the samples that were used during the
Detailed examination by Sophos researchers have confirmed that
both the Melissa and the LoveLetter sample that PC Answers tested
against are not viral.
Melissa is a Word macro virus that infects Microsoft Word
documents and distributes itself in the form of a DOC file. The
tester at PC Answers cut-and-pasted the viral code from an infected
document and saved it as a VBS file (Note: Melissa is not a VBS
virus). In the process the tester at PC Answers made the file
non-viral. Indeed, if the VBS file is launched an error message is
displayed and the file refuses to replicate.
As such, it poses no threat.
The error message
displayed when the Melissa sample fails to replicate. It is not a
LoveLetter is a Visual Basic Script virus. The file PC Answers
tested against to determine whether an anti-virus product could
detect LoveLetter was corrupted with carriage returns and line
feeds (CR+LF). LoveLetter does not distribute itself in this form
and, indeed, the file PC Answers tested against is not a virus. If
you try and launch the file PC Answers tested against users are
presented with an error message saying "Unterminated string
constant", and the file fails to replicate.
The error message
displayed when the LoveLetter sample fails to replicate. It is not
Sophos was correct not to detect these files as viruses, because
they are not viruses - they do not replicate.
It is ironic that Sophos Anti-Virus, and anti-virus products
from other vendors, are penalised in this review for not false
alarming on these non-viral files.
Sophos has contacted PC Answers with the above information and
asked for a retraction and a new review of the anti-virus products
on the marketplace with a professional testing methodology against
Users wishing to see independent comparative reviews of
anti-virus software are invited to consult the following
professional anti-virus testing houses which confirm Sophos's
ability to detect 100 per cent of the viruses in the wild,
including the Melissa and LoveLetter viruses:
Sophos Anti-Virus is recognised for its consistently high virus
detection rates by bodies such as the ICSA, Virus Bulletin and West
Statement from PC Answers
PC Answers would like to clarify that the Melissa and LoveLetter
viruses used in the February 2002 issue of PC Answers were not
standard versions of these viruses, as described by Sophos.
When the Melissa and LoveLetter viruses are distributed in their
normal forms Sophos anti-virus products are perfectly capable of
detecting and eliminating these viruses.
PC Answers agrees that the versions of the viruses used in the
test are harmless and incapable of duplicating themselves while in
that state, and that Sophos anti-virus products ignore these by
design. PC Answers will be printing a clarification of this in its
March 2002 issue.