Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]
From: Joe Yandle <jwy () divisionbyzero com>
Date: Fri, 30 Nov 2001 01:35:41 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It seems that NAI WebShield SMTP for NT can't handle all mime headers 
properly. One example is below. WebShield can't parse this and it does 
not realize that message has attachment. And because it does not realize 
there is attachment it won't check it for viruses or against attachment 
name.

MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="====_ABC1234567890DEF_===="


This is not a bug in NAI WebShield, but rather a bug in any email
client which parses this as a valid MIME message.  Read RFC 822,
section 3.1.1, if you don't understand how to correctly fold
email headers.  Since the 'boundary' field should be discarded,
this email cannot be parsed for MIME attachments, and thus 
logically does not contain the virus.

Instead of complaining about your virus scanner's correct behavior,
you might want to complain to whoever wrote your email client.
This is a perfect example of how necessary it is for standards to be
implemented correctly at all levels ;)

cheers,
- --
Joe Yandle
http://www.divisionbyzero.com/jwy/pubkey.asc

If video games really affected kids, then we'd all be running around in
dark rooms, munching on pills, and listening to electronic music.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8B1LUy8aHBE8tCGcRAixKAJ95liB6idzd9JR+9mgtU667xsb9uwCdGnzX
tDcqAeVbtjiJ3gii9tbXG0E=
=Q3x5
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault