Bugtraq mailing list archives
InoculateIT AV Option for MS Exchange Server
From: Hugo Caye <Hugo () MICMAC COM BR>
Date: Tue, 14 Nov 2000 09:12:49 -0200
The scenario is two EX Srvrs, two different organizations and different sites, both have CA's "InoculateIT AV Option for MS Exchange Server". MS IMC (the EX SMTP gateway) will be used to send messages between the EX Srvrs. Where the Agent fails: 1. If a message is sent from one EX to another (using IMC), and this message has an infected file (any file with any virus), "InoculateIT AV Option for MS Exchange Server" will not detect the attached file if the body of the message contains _only_ the attached file. If _any_ character is inserted on the body of the message (a dot, a tab, a space), "InoculateIT AV Option for MS Exchange Server" will detect the virus on attached file; 2. Another weakness in "InoculateIT AV Option for MS Exchange Server" is that it does not recognize embedded messages. If the message has an embedded message, and this one has an infected attached file, "InoculateIT AV Option for MS Exchange Server" will not open the attached message to scan the infected attached file; 3. "InoculateIT AV Option for MS Exchange Server" just scans messages that are posted on the Inbox folder. If a served based rule automatically moves messages to another folder (TurfMail for exemple), "InoculateIT AV Option for MS Exchange Server" will not scan this message allowing that an infected files reach the mailbox. Hugo Caye O__ ---- c/ /'_ --- (*) \(*) -- ~~~~~~~~ ccna ccda mcne³ ncip mcse cne5
Current thread:
- InoculateIT AV Option for MS Exchange Server Hugo Caye (Nov 15)