Protecting Outlook

Alex Neuman van der Hans alex at NKPANAMA.COM
Thu Sep 8 15:30:03 IST 2005


Joseph Watson wrote:

>I was doing some testing using the test emails available at
>
>http://www.gfi.com/emailsecuritytest/
>
>It seems that the default configuration for the latest release of
>MailScanner v 4.45 does not pick up a few of the tests.  The ones in
>question are
>
>Long subject attachment checking bypass test (for Outlook Express 6)
>Long subject attachment checking bypass test (for Outlook 2000)
>Attachment with no filename vulnerability test
>
>It looks to me like my version of Outlook is updated and not vulnerable to
>these attacks, but the emails go through MailScanner.  Is there a way to
>configure MailScanner to pick these up??
>
>Also on the same site they have a test for
>
>Fragmented message vulnerability test (for Outlook Express)
>
>This test sends 5 emails that are Fragmented.  MailScanner picks up the last
>4 of these emails as "Dangerous content" and removes the attachments.  But
>the first message of the 5 seems to have a problem.  MailScanner does detect
>it as a fragmented email, but something goes wrong with the formatting and
>it ends up quite corrupted.  The result is very weird.  The warning
>attachment that MailScanner adds shows up in the body.  The attachment has a
>very strange name "]5" and when opened...you end up with a file explorer
>opened to the directory C:\winnt\system32.
>
>I was wondering if others may be able to reproduce this, and what your
>thoughts may be.
>
>
>- Regards
>
>Joseph Watson
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>
This comes up every now and then. These are artificially generated tests 
created by a company bent on selling you their solution, even though the 
methods used aren't really exploitable. It's like selling you "grue 
repellant" by giving you a free sample and saying "See... there aren't 
any grues around!" in broad daylight, when everybody knows they only 
attack in the dark ;)

Search the list for gfi or "online virus test" or similar phrases and 
you'll find the discussions on why you should take their warnings as 
suggestions and not gospel.
