It was posted, Dec 27th, that Interscan Viruswall would allow virus-infected attachments to pass when an additional "=" was appended to end of Base64 message. Along a similar vein numbers 1 through 3 below will also allow virus-infected attachments to pass right by Interscan Viruswall.

1) adding a "-" to the end of base64 message
2) changing content-type application type in the header
   Example, Content-type: Application/FOO; name="whatever.doc"
3) Adding an extra "-" at end of base64 boundary

3 methods above were tested and verified on NT running the latest engine from Trend Micro, along with the latest patch. At least one of the methods above (Number 1) was tested and verified on a Solaris box by Kris Herrin (the original poster).

3 methods above were chosen *at random* from RFC 2045.

Vendor was notified. Patch was promised by Wed. of last week.

Trend Micro patches can be found at http://www.antivirus.com/download/patches/default.htm .
RFC 2045 can be found at http://www.ietf.org/rfc/rfc2045.txt

John Lampe
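For gateway operators, a strict pre-filter that flags the MIME oddities listed in the post instead of letting a lenient parser skip the part (an added example, not part of the original post and not Trend Micro code). The allowlist `KNOWN_APP_SUBTYPES`, the reason codes and the `SAMPLE` message are assumptions constructed for illustration; only one multipart level is handled.

```python
import re

KNOWN_APP_SUBTYPES = {"octet-stream", "msword", "pdf", "zip"}  # assumed site allowlist
B64_LINE = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")
APP_TYPE = re.compile(r"^content-type:\s*application/([^;\s]+)", re.I)
B64_CTE = re.compile(r"^content-transfer-encoding:\s*base64$", re.I)

# Constructed sample: unknown application subtype, stray "-" after the
# base64 body, and a closing boundary with an extra "-".
SAMPLE = "\n".join([
    "From: a@example.test", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="B1"', "", "--B1",
    'Content-Type: Application/FOO; name="whatever.doc"',
    "Content-Transfer-Encoding: base64", "",
    "SGVsbG8gd29ybGQh", "-", "--B1---", ""])

def mime_anomalies(raw):
    """Return (line_number, code) pairs for MIME oddities a scanner must not ignore.
    Handles one multipart level; folded headers are not unfolded."""
    findings, b64 = [], []
    lines = raw.replace("\r\n", "\n").split("\n")
    m = re.search(r'boundary="?([^";\n]+)"?', raw, re.I)
    delim = "--" + m.group(1) if m else None
    in_headers, is_b64 = True, False

    def flush(lineno):
        # Whole body must be a multiple of 4 chars with "=" only at the very end.
        data = "".join(b64)
        if len(data) % 4 or "=" in data.rstrip("="):
            findings.append((lineno, "bad-base64-padding"))
        b64.clear()

    for n, line in enumerate(lines, 1):
        line = line.rstrip()
        if delim and line.startswith(delim):
            flush(n)
            if line not in (delim, delim + "--"):
                findings.append((n, "bad-boundary"))
            in_headers, is_b64 = line == delim, False
        elif in_headers:
            t = APP_TYPE.match(line)
            if t and t.group(1).lower() not in KNOWN_APP_SUBTYPES:
                findings.append((n, "unknown-app-subtype"))
            is_b64 = is_b64 or bool(B64_CTE.match(line))
            in_headers = line != ""   # blank line ends the header block
        elif is_b64:
            if B64_LINE.match(line):
                b64.append(line)
            else:
                findings.append((n, "non-base64-char"))
    flush(len(lines))
    return findings
```

Any finding is a reason to quarantine or to scan the part by content rather than trust the declared structure.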