Protecting Outlook

Alex Neuman van der Hans alex at NKPANAMA.COM
Thu Sep 8 15:30:32 IST 2005



Joseph Watson wrote:

>I was doing some testing using the test emails available at
>
>http://www.gfi.com/emailsecuritytest/
>
>It seems that the default configuration for the latest release of
>MailScanner v 4.45 does not pick up a few of the tests.  The ones in
>question are
>
>Long subject attachment checking bypass test (for Outlook Express 6)
>Long subject attachment checking bypass test (for Outlook 2000)
>Attachment with no filename vulnerability test
>
>It looks to me like my version of Outlook is updated and not vulnerable to
>these attacks, but the emails go through MailScanner.  Is there a way to
>configure MailScanner to pick these up?
>
>Also on the same site they have a test for
>
>Fragmented message vulnerability test (for Outlook Express)
>
>This test sends 5 emails that are Fragmented.  MailScanner picks up the last
>4 of these emails as "Dangerous content" and removes the attachments.  But
>the first message of the 5 seems to have a problem.  MailScanner does detect
>it as a fragmented email, but something goes wrong with the formatting and
>it ends up quite corrupted.  The result is very weird.  The warning
>attachment that MailScanner adds shows up in the body.  The attachment has a
>very strange name "]5" and when opened...you end up with a file explorer
>opened to the directory C:\winnt\system32.
>
>I was wondering if others may be able to reproduce this, and what your
>thoughts may be.
>
>
>- Regards
>
>Joseph Watson
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>  
>
Oh, and by the way, you could use another e-mail client like Thunderbird 
to make things safer for your users.
