[ISN] Security firm trashes customer e-mails

From: InfoSec News (isn@private)
Date: Fri Mar 04 2005 - 02:09:30 PST


By Dan Ilett 
Special to CNET News.com
March 3, 2005

An e-mail security scanning company has accidentally deleted thousands
of its customers' e-mails.

GFI, a Microsoft "gold certified partner," is offering free upgrades
to all its customers, after it trashed their e-mails by sending out
incorrect update information.

According to GFI, the problem occurred because of a change in
BitDefender's technology, one of the products that GFI uses for its
e-mail scanning.

"Unfortunately, some changes had been made to BitDefender," said
Angelica Micalleff-Trigona, public relations manager at GFI. "We were
not aware of this, and we did not foresee this problem. We are deeply
sorry for what happened. It took us by surprise."

When the GFI MailSecurity update mechanism tried to install
BitDefender updates on customer networks, the service started to
delete all e-mails by default. BitDefender and GFI then rolled back
the updates.

"We've learned our lesson," a BitDefender representative said
Thursday. "From now on, we'll try to give more support to our
integration partners. The other companies that integrate our scanning
engine did not have the same problem."

A ZDNet UK reader affected by the problem said a GFI salesman told him
that the update had not been tested.

"We were pretty surprised this morning to find that all of the e-mail
which arrived overnight had been deleted," wrote Jeremy Whiteley,
chief executive officer at Promarketing Gear. "Even more troubling was
the fact that, according to GFI's U.S. sales manager, they released
this update without testing it! I guess they expect me and my IT staff
to play the role of tester, regardless of the cost to my
business...We're reconsidering our reliance on GFI going forward."

GFI denied not testing the update, but apologized for the blunder and
has promised all customers a free upgrade to its MailSecurity 9
product, which is available in two months' time. The company has also
released a tool that can tell customers which e-mails were deleted and

Bellua Cyber Security Asia 2005 -

This archive was generated by hypermail 2.1.3 : Fri Mar 04 2005 - 03:28:43 PST