Fragmentation

Julian Field MailScanner at ecs.soton.ac.uk
Thu Feb 19 11:10:49 GMT 2009



On 12/2/09 22:56, Mike Masse wrote:
> One of my users received an Outlook express fragmented email message 
> and kudo's to MailScanner because it didn't know how to handle the 
> second portion of the email and it quarantined it.   This could very 
> well be related to:
> http://www.esecurityplanet.com/trends/article.php/1463161/Security-Firm-Outlook-Express-Can-Be-Used-To-Bypass-Email-Filters.htm 
>
>
> I searched the archive for fragmentation and did not get any results, so:
>
> Can MailScanner be set to properly detect and log and quarantine these 
> fragmented emails vs what my system is doing right now which is only 
> quarantining because it doesn't know what to do with the attachment. 
> The fact that the email doesn't come through is fantastic, but without 
> the logging bit, it's difficult to track down why for explanation 
> purposes to clients.
>
Yes, MailScanner does detect fragmented messages and rejects them. 
Imagine what would happen if you started storing them and attempting to 
reassemble them. Here's message 1 of 1,000,000. Here's a different 
message 1 of 1,000,000. And so on. DoS attack very easily!

What extra logging would you like it to do?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list