Hi Amal and List Some thoughts... * Relay checks. Test different methods for relaying via the server, one good test can be found at www.abuse.org/relay.html. * Zip-Of-Death. Make one huge (a couple of gigabytes) file and fill it with homogenous data, for instance only the character "a". Zip it. This will construct of a file that says "this files contains of 10(8) a:s" that is very small. Most modern mail content systems handles this today, some older might not. * Embedded script-viruses. Some virusscanners do only check attached files, and will not look for embedded script-viruses as Kak-worm. /Per Niila On Saturday 10 May 2003 07.17, Amal Al Hajeri wrote: > Hi List, > Am running a pen-test these days against mail servers that have a server > side virus scanner as well as a mail content filtering product for > inforcing the organization's mail usage policy. > > I ran couple of tests including : > > 1.Sending viruses and worms. > 2.Sending anti virus testing files from the eicar project > http://www.eicar.org/. > 3.Sending renamed virus files to files with an allowed type of files > extensions. > 4.Sending an archived zip files *a zip file that has been zipped for > over 4000 times* some anti viruses hang while trying to unzip this file. > 5.Sending a genuine exe file renamed to an allowed type of files > extension. > 6.Sending mails with wordings like *Middlesex* A University in UK. > 7.Mail bombing test. > > I would like to know if you have any other ideas to test server side > virus scanners and content filtering products. Also i would like to know > what is the best way to prevent mail spamming and bombing. > > Thanks. --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon May 12 2003 - 10:50:41 PDT