RE: NAI Webshield SMTP for WinNT MIME header vuln

From: Eric Chien (ecchienat_private)
Date: Wed Dec 05 2001 - 03:31:45 PST

Next message: IT Resource Center : "security bulletins digest"

Previous message: Tom Liston: "Flawed outbound packet filtering in various personal firewalls"
In reply to: Alan Monaghan: "RE: NAI Webshield SMTP for WinNT MIME header vuln"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I doubt this is due to the MIME header problem.

W32.Goner.A@mm uses Outlook via MAPI to send it's message.  It doesn't have 
its own SMTP engine and doesn't generate its own MIME headers.  The MIME 
headers should be RFC compliant.

I'd double check configurations from properly updated DATs to verifying you 
are scanning SCR extensions.

Good luck,

...Eric

At 03:10 PM 12/4/2001 -0500, you wrote:
>Note: the newest virus (w32/gone.a-mm) is blowing thru the WebShield product
>that runs on NT in front of our email server.
>We have just updated to the newest DAT files from McAfee . 4174.
>
>It seems to be a continuation of the other problem. Bottom line here, we are
>using GroupShield in conjunction with WebShield and it is set to delete most
>extensions on sight. The only way we saved ourselves from what looks to be a
>very bad outbreak.

Next message: IT Resource Center : "security bulletins digest"
Previous message: Tom Liston: "Flawed outbound packet filtering in various personal firewalls"
In reply to: Alan Monaghan: "RE: NAI Webshield SMTP for WinNT MIME header vuln"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 06 2001 - 11:10:19 PST