Home page logo
/

bugtraq logo Bugtraq mailing list archives

InoculateIT AV Option for MS Exchange Server
From: Hugo Caye <Hugo () MICMAC COM BR>
Date: Tue, 14 Nov 2000 09:12:49 -0200

The scenario is two EX Srvrs, two different organizations and
different sites, both have CA's "InoculateIT AV Option for MS Exchange
Server". MS IMC (the EX SMTP gateway) will be used to send messages
between the EX Srvrs. Where the Agent fails:

1. If a message is sent from one EX to another (using IMC), and this
message has an infected file (any file with any virus), "InoculateIT
AV Option for MS Exchange Server" will not detect the attached file if
the body of the message contains _only_ the attached file. If _any_
character is inserted on the body of the message (a dot, a tab, a
space), "InoculateIT AV Option for MS Exchange Server" will detect the
virus on attached file;

2. Another weakness in "InoculateIT AV Option for MS Exchange Server"
is that it does not recognize embedded messages. If the message has an
embedded message, and this one has an infected attached file,
"InoculateIT AV Option for MS Exchange Server" will not open the
attached message to scan the infected attached file;

3. "InoculateIT AV Option for MS Exchange Server" just scans messages
that are posted on the Inbox folder. If a served based rule
automatically moves messages to another folder (TurfMail for exemple),
"InoculateIT AV Option for MS Exchange Server" will not scan this
message allowing that an infected files reach the mailbox.


Hugo Caye

O__  ----
c/ /'_ ---
(*) \(*) --
~~~~~~~~
ccna ccda
mcne³ ncip
mcse cne5


  By Date           By Thread  

Current thread:
  • InoculateIT AV Option for MS Exchange Server Hugo Caye (Nov 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault