Protecting Outlook

Joseph Watson josephwatson at FSE.US
Thu Sep 8 05:32:53 IST 2005

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I was doing some testing using the test emails available at

It seems that the default configuration for the latest release of
MailScanner v 4.45, does not pickup a few of the tests.  The ones in
question are

Long subject attachment checking bypass test (for Outlook Express 6)
Long subject attachment checking bypass test (for Outlook 2000)
Attachment with no filename vulnerability test

It looks to me like my version of Outlook is updated and not vulnerable to
these attacks, but the emails go through MailScanner.  Is there a way to
configure MailScanner to pick these up??

Also on the same site they have a test for

Fragmented message vulnerability test (for Outlook Express)

This test sends 5 emails that are Fragmented.  MailScanner picks up the last
4 of these emails as "Dangerous content" and removes the attachments.  But
the first message of the 5 seems to have a problem.  MailScanner Does detect
it as a fragmented email, but something goes wrong with the formatting and
it ends up quite corrupted.  The result is very weird.  The warning
attachment that MailScanner adds shows up in the body.  The attachment has a
very strange name "]5" and when end up with a file explorer
opened to the directory C:\winnt\system32.

I was wondering if others may be able to reproduce this, and what your
thoughts may be.

- Regards

Joseph Watson

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list