RE: NAI Webshield SMTP for WinNT MIME header vuln that allowsBadTrans to pass

["Jari Helenius" <jari.helenius () mawaron com>]

After this message was published in Bugtraq, one person from NAI Europe
contacted me. They asked sample of virus (which I had sent them already
twice to Viruslab, person who asked this was not from NAI viruslab). I sent
sample and NAI has released EXTRA.DAT that finds BadTrans.B.

I have not been able to verify, that it would stop any other virus that
arrives with Broken MIME header. NAI has told that they are still checking
this subject, so now we have to wait and see what will happen.

NAI worked quite fast, after they desided to take an action. It is sad that
this vulnerability had to been published in Bugtraq to achieve this goal.
Hopefully, in future, NAI will fix bugs more straitforward way. :-)

If someone else is having same problem, contact NAI and ask for EXTRA.DAT.



Jari Helenius / Mawaron Oy
Email: jari.helenius () mawaron com