Re: Mail Server testing

From: perat_private
Date: Sun May 11 2003 - 20:39:51 PDT

Next message: peter.king: "Pen-Testing Windows from Solaris"

Previous message: jjohnmckat_private: "Auto-Run CD - Disabling Screensavers"
Next in thread: Nicolas Gregoire: "Re: Mail Server testing"
Reply: Nicolas Gregoire: "Re: Mail Server testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Amal and List

Some thoughts...

* Relay checks. Test different methods for relaying via the server, one good 
test can be found at www.abuse.org/relay.html.

* Zip-Of-Death. Make one huge (a couple of gigabytes) file and fill it with 
homogenous data, for instance only the character "a". Zip it. This will 
construct of a file that says "this files contains of 10(8) a:s" that is very 
small. Most modern mail content systems handles this today, some older might 
not.

* Embedded script-viruses. Some virusscanners do only check attached files, 
and will not look for embedded script-viruses as Kak-worm. 


/Per Niila

On Saturday 10 May 2003 07.17, Amal Al Hajeri wrote:
> Hi List,
> Am running a pen-test these days against mail servers that have a server
> side virus scanner as well as a mail content filtering product for
> inforcing the organization's mail usage policy.
>
> I ran couple of tests including :
>
> 1.Sending viruses and worms.
> 2.Sending anti virus testing files from the eicar project
> http://www.eicar.org/.
> 3.Sending renamed virus files to files with an allowed type of files
> extensions.
> 4.Sending an archived zip files *a zip file that has been zipped for
> over 4000 times* some anti viruses hang while trying to unzip this file.
> 5.Sending a genuine exe file renamed to an allowed type of files
> extension.
> 6.Sending mails with wordings like *Middlesex* A University in UK.
> 7.Mail bombing test.
>
>  I would like to know if you have any other ideas to test server side
> virus scanners and content filtering products. Also i would like to know
> what is the best way to prevent mail spamming and bombing.
>
> Thanks.


---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------

Next message: peter.king: "Pen-Testing Windows from Solaris"
Previous message: jjohnmckat_private: "Auto-Run CD - Disabling Screensavers"
Next in thread: Nicolas Gregoire: "Re: Mail Server testing"
Reply: Nicolas Gregoire: "Re: Mail Server testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 12 2003 - 10:50:41 PDT