RE: TrendMicro Interscan VirusWall security problem

["Pedro Quintanilha" <PQuintanilha () abril com br>]

Trend´s support (US and Brazil) confirm tha it just occurs in W32... I´ve not tested it on UX.

Pedro Quintanilha
Segurança da Informação
Editora Abril s/a
pquintanilha () abril com br
+55-11-3037-4297



-----Original Message-----
From: Patrick Morris [mailto:pmorris () wilshire com]
Sent: Saturday, May 25, 2002 3:36 PM
To: Pedro Quintanilha
Cc: bugtraq () securityfocus com
Subject: Re: TrendMicro Interscan VirusWall security problem


This occurs on Unix installations as well.  Depending what you need
to know the original sender's IP for, there are several ways to work
around it.

On Fri, 24 May 2002, Pedro Quintanilha wrote:

> In the most instalations Interscan listens on port 25 (SMTP), 
> receives the message, scan it, and then re-send it to the "real" 
> SMTP daemon (listening on another port), preserving the SMTP-header 
> present in the message.
> But, since it doesn´t includes a new line on SMTP-header with 
> the sender´s IP, and doesn´t write any extra log including it 
> (it just logs virus occurrences), the final message header will not 
> contain the real sender´s IP!!