RE: TrendMicro Interscan VirusWall security problem

From: Pedro Quintanilha (PQuintanilhaat_private)
Date: Mon May 27 2002 - 07:09:20 PDT

Next message: Noam Rathaus: "Re: VP-ASP shopping cart software."

Previous message: quentynat_private: "Netscreen 25 unauthorised reboot issue"
Maybe in reply to: Pedro Quintanilha: "TrendMicro Interscan VirusWall security problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Trend“s support (US and Brazil) confirm tha it just occurs in W32... I“ve not tested it on UX.

Pedro Quintanilha
Seguranēa da Informaēćo
Editora Abril s/a
pquintanilhaat_private
+55-11-3037-4297



-----Original Message-----
From: Patrick Morris [mailto:pmorrisat_private]
Sent: Saturday, May 25, 2002 3:36 PM
To: Pedro Quintanilha
Cc: bugtraqat_private
Subject: Re: TrendMicro Interscan VirusWall security problem


This occurs on Unix installations as well.  Depending what you need
to know the original sender's IP for, there are several ways to work
around it.

On Fri, 24 May 2002, Pedro Quintanilha wrote:

> In the most instalations Interscan listens on port 25 (SMTP), 
> receives the message, scan it, and then re-send it to the "real" 
> SMTP daemon (listening on another port), preserving the SMTP-header 
> present in the message.
> But, since it doesn“t includes a new line on SMTP-header with 
> the sender“s IP, and doesn“t write any extra log including it 
> (it just logs virus occurrences), the final message header will not 
> contain the real sender“s IP!!

Next message: Noam Rathaus: "Re: VP-ASP shopping cart software."
Previous message: quentynat_private: "Netscreen 25 unauthorised reboot issue"
Maybe in reply to: Pedro Quintanilha: "TrendMicro Interscan VirusWall security problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 27 2002 - 11:51:04 PDT