gfi.com email vulnerability tests
DNSAdmin
dnsadmin at 1BIGTHINK.COM
Fri Oct 24 19:37:55 IST 2003
At 11:52 AM 10/24/2003 -0600, you wrote:
>GFI Email Security Testing Zone (http://www.gfi.com/emailsecuritytest/)
>tests for multiple vulnerabilities. They have added a couple of new
>tests and I am curious if the current version of MailScanner stops them
>all.
>
>I am using 4.23-11 and the following test fails:
>
> - Attachment with no filename vulnerability test
>
>Another one of their tests that makes it through has the subject of
>"hide.hta." I am not sure which of their tests creates this subject,
>but I believe it is related to the above test.
>
>If someone using 4.24-5 could run these tests and report back to the
>list, it would probably be of benefit.
>
>Dustin
Hi Dustin,
I have been testing upgrades on a Cobalt RaQ3 and a Cobalt RaQ4 this week.
I will upgrade this weekend to 4.24-5 on my production server.
However, I tested through my production server, yesterday, which is a
Cobalt RaQ3 still running MailScanner 3.22 and email client Eudora 5.1. I
passed.
I had a co-worker running Outlook Express as a mail client and fully
patched except for latest IE SP1 (because he wants to keep his browser at
5.0x). He failed.
All depends upon M$ patch level and mail client.
Cheers!
More information about the MailScanner
mailing list