MailScanner fix for Exchange TNEF vuln?
paul.welsh.3 at googlemail.com
Wed Feb 11 13:51:49 GMT 2009
In MailScanner 4.71.10-1 and 4.74.16-1 at least, the default settings
for TNEF in MailScanner.conf are:
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = no
So many MailScanner users will be protected without knowing it.
I have an unpatched Exchange server and also use Sophos on my
MailScanner box. I've just noticed that I could have probably used
"Expand TNEF = no" because Sophos can check attachments within TNEF
Obviously I'll keep the "Use TNEF Contents = replace" setting in place
but does anyone know whether "Expand TNEF = no" is compatible with
"Use TNEF Contents = replace"?
More information about the MailScanner