Bugtraq mailing list archives

Microsoft Exchange + Norton AntiVirus leak local information


From: Matthias Andree <matthias.andree () gmx de>
Date: Fri, 7 Sep 2001 11:46:02 +0200

Intro: I usually attach three lines similar to these in my signature:

| Outlook (Express) users: press Ctrl+F3 for the full source code of this post.
| begin dont_click_this_virus.exe
| end

In the original, I have two spaces after "begin" which tricks broken
Microsoft software (they still haven't grasped MIME!) into thinking it's
a uuencoded attachment.

Note we're not discussing the political correctness of my signature here.

I recently got a message from an Exchange V6.0.4712.0 site running
Norton Antivirus, which revealed information on where the user filtered
its mailing list to:

| Recipient of the infected attachment:  USERNAME DELETED\Posteingang\Mailinglisten\Postfix Users
| Subject of the message:  Postfix and interface address aliases on Linux
| One or more attachments were quarantined.
|   Attachment dont_click_this_virus.exe was Quarantined for the following
|   reasons:
|       Virus UNAUTHORIZED FILE was found.

I believe I'm not supposed to see the
"...\Posteingang\Mailinglisten\Postfix Users" part. (Posteingang is
usually named INBOX in English) I had expected the destination mail
address there.

I cannot tell whether this is a Norton AntiVirus bug or an Exchange
bug.

Needless to say that the egocentric Exchange sent a winmail.dat
attachment.

-- 
Matthias Andree
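
An added example, not part of the original post: a strict uuencode detector that requires a "begin <mode> <name>" header plus well-formed data lines and a terminator, shown next to a loose matcher of the kind the post describes. LOOSE_HEADER is a hypothetical pattern and not the actual logic of any product named above; both sample inputs are constructed.

```python
import binascii
import re

# Strict header: "begin", one space, 3-4 octal mode digits, one space, name.
STRICT_HEADER = re.compile(r"^begin [0-7]{3,4} (\S.*)$")
# Hypothetical loose matcher (an assumption, not any product's real logic).
LOOSE_HEADER = re.compile(r"^begin\s+(\S+)")


def data_len(line):
    """Decoded byte count of a well-formed uuencoded line, or -1 if invalid."""
    if not line or any(not 32 <= ord(c) <= 96 for c in line):
        return -1
    n = (ord(line[0]) - 32) & 0x3F
    # Strict: at most 45 bytes per line, exactly 4 characters per 3 bytes.
    return n if n <= 45 and len(line) - 1 == ((n + 2) // 3) * 4 else -1


def loose_find(body):
    """File names a loose matcher would report as attachments."""
    return [m.group(1) for line in body.splitlines()
            if (m := LOOSE_HEADER.match(line))]


def strict_find(body):
    """File names of complete, well-formed uuencoded blocks only."""
    lines = body.splitlines()
    found, i = [], 0
    while i < len(lines):
        m = STRICT_HEADER.match(lines[i])
        i += 1
        if not m:
            continue
        j = i
        while j < len(lines) and data_len(lines[j]) > 0:
            j += 1
        # A zero-length line followed by "end" must close the block.
        if (j + 1 < len(lines) and data_len(lines[j]) == 0
                and lines[j + 1] == "end"):
            found.append(m.group(1))
            i = j + 2
    return found


# Constructed sample: the two trigger lines of the signature quoted in the post.
SIGNATURE = "begin  dont_click_this_virus.exe\nend\n"
# Constructed sample: a genuine uuencoded block built with the stdlib.
REAL = "begin 644 hello.txt\n" + binascii.b2a_uu(b"hello\n").decode() + "`\nend\n"
```

The loose matcher reports the signature lines as an attachment, while the strict detector reports only the genuine block.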

