MailScanner fix for Exchange TNEF vuln?
glenn.steen at gmail.com
Wed Feb 11 09:05:11 GMT 2009
2009/2/11 Paul Hutchings <paul.hutchings at mira.co.uk>:
> This is new today for those using MailScanner in front of Exchange.
> Of course not all of us can patch all our Exchange servers within ten
> minutes of the bulletin - is there any way to mitigate against the
> external threat using MailScanner?
There are two sides to this:
- MAPI == locally submitted mail... Shouldn't come into play, unless
"local" == "insecure environment".
- TNEF from remote ... This you can handle in at least two ways... 1)
Don't allow TNEF at all, or 2) Use MailScanners "replace" feature.
Should take care of things... at least if I read this right:-).
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner