Security Alert

Julian Field mailscanner at ecs.soton.ac.uk
Wed Jul 24 20:07:26 IST 2002


There has been a posting on NTBugtraq today, highlighting a newly
discovered security vulnerability in Eudora.
The attack involves meta-refresh tags and *.mhtml files.

I would advise all MailScanner users to add a "deny" rule for
        \.mhtml$
in their filename.rules.conf file, along with suitable explanations for the
log and for users.

Don't forget that fields in this file are separated with tab characters,
not spaces!
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list