email vulnerability tests

DNSAdmin dnsadmin at 1BIGTHINK.COM
Fri Oct 24 19:37:55 IST 2003

At 11:52 AM 10/24/2003 -0600, you wrote:
>GFI Email Security Testing Zone (
>tests for multiple vulnerabilities.  They have added a couple of new
>tests and I am curious if the current version of MailScanner stops them
>I am using 4.23-11 and the following test fails:
>         - Attachment with no filename vulnerability test
>Another one of their tests that makes it through has the subject of
>"hide.hta."  I am not sure which of their tests creates this subject,
>but I believe it is related to the above test.
>If someone using 4.24-5 could run these tests and report back to the
>list, it would probably be of benefit.

Hi Dustin,

I have been testing upgrades on a Cobalt RaQ3 and a Cobalt RaQ4 this week.
I will upgrade this weekend to 4.24-5 on my production server.

However, I tested through my production server, yesterday, which is a
Cobalt RaQ3 still running MailScanner 3.22 and email client Eudora 5.1. I

I had a co-worker running Outlook Express as a mail client and fully
patched except for latest IE SP1 (because he wants to keep his browser at
5.0x). He failed.

All depends upon M$ patch level and mail client.


More information about the MailScanner mailing list