Possible Microsoft security vulnerability attack.

Maurizio Matteo Munafo' munafo at PREZZEMOLO.POLITO.IT
Thu Oct 3 12:12:00 IST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 03 October 2002 15:59, Mirko Bovati wrote:
> On Wednesday 02 October 2002 02:53 pm, you wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Wednesday 02 October 2002 17:32, Julian Field wrote:
> > > You want to disable this in mailscanner.conf:
> > >
> > > # Do you want to put some text on the front of the subject line when
> > > # it contained a virus which has been removed
> > > Virus Modify Subject = yes
> > >
> > > At 18:53 02/10/2002, you wrote:
> > > >Hi all,
> > > >
> > > >I need to disable the control that generate the message
> > > >in subject. My I disable this feature?
> >
> > I think he wants to permit messages with Microsoft security
> > vulnerabilities. So it should at least be:
> > Allow IFrame Tags = yes
>
> I want permit messages with Microsoft security vulnerability,
> I set: Allow IFrame Tags = yes
> but a receive still message with:
> Possible Microsoft security vulnerability attack.
> Is there any other switch to set up?
>
> thanks.
>

As far as I know, there is no other switch. You should look in the source
code for 'Microsoft security' and figure which how to comment out the tests
you do not want.
The other test triggering the security message is for HTML mail containing an
OBJECT tag with a CODEBASE attribute.
In my environment such messages are triggered by in mailing list HTML posts
containing a ShockWave banner, not the most orthodox content for an e-mail
message.

Maurizio

- --
______
     / Maurizio M. Munafo'                         /   dMMMMMMMMb  dMMMMb
    / Dip. di Elettronica - Politecnico di Torino /   dMP"dMP"dMP    "dMP
   / Corso Duca degli Abruzzi 24                 /   dMP dMP dMP   dMMK"
  / I-10129 Torino (Italia)                     /   dMP dMP dMP     dMF
 / Tel: +39 011 5644128  Fax: +39 011 5644099  /   dMP dMP dMP dMMMMP"
/ E-mail: munafo at polito.it                    /__________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9nCYEtgCCNnfQWWkRAhdOAJ9RiJl2DKOzo0Z7QNfn5uwFwaUDXgCfVv97
ntmvIhxKz9jOzvrvwZL6mDk=
=KzW3
-----END PGP SIGNATURE-----



More information about the MailScanner mailing list