Bugtraq mailing list archives
Re: NAI WebShield SMTP does not scan base64 encoding
From: Satok () QUESTDIAGNOSTICS COM (Sato, Ken)
Date: Tue, 20 Jun 2000 17:10:42 -0400
Chris, Destry,

Yes, I've had the same problem too. Because MS is too selfish to release the precise specs on the MS-TNEF encoding scheme, NAI is unable to write a reliable API to decode MS-TNEF.

The workaround for this is to install Groupshield for Exchange. Groupshield is installed at the mail servers, so the MS-TNEF is stripped by MS-Exchange before Groupshield scans the files.

Rgds,
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Ken, Information Security

-----Original Message-----
From: Fronck, Destry [mailto:DFronck () FDIC GOV]
Sent: Tuesday, June 20, 2000 2:38 PM
To: BUGTRAQ () securityfocus com
Subject: Re: NAI WebShield SMTP does not scan base64 encoding

Chris,

This problem is not caused by base64 encoding. It is caused by the message being encoded in MS-TNEF (Microsoft Transport Neutral Encapsulation Format) and then getting base64 encoded.

~snip snip

-----Original Message-----
From: chris.paget () ANALYSYS COM [mailto:chris.paget () ANALYSYS COM]
Sent: Tuesday, June 20, 2000 9:08 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: NAI WebShield SMTP does not scan base64 encoding

While investigating today's virus outbreak (Stages.Worm), I noticed that our email virus scanner (NAI WebShield SMTP 4.5, engine 4.0.50, DAT 4.0.4082, 14/06/00) was not picking up all attachments. The server is configured to block all SHS, VBS, etc. attachments, and notify the sender. However, when these are sent as Base64 encoding (rather than 8-bit), they are passed by the server, and could potentially infect the network. 8-bit attachments are successfully scanned (and blocked if necessary).

Chris
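
The gateway-side check this thread is about, as an added example that is not part of the original posts and is not NAI's code: decode every MIME part before applying the attachment policy, and treat a TNEF container that cannot be unpacked as uninspected rather than clean. The function names, verdict strings, quarantine policy and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian
BLOCKED_EXT = (".shs", ".vbs")          # extensions named in the original report

def audit_message(raw: bytes):
    """Return (filename, transfer-encoding, verdict) for each leaf MIME part."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        # decode=True undoes base64/quoted-printable, so the checks below see
        # the same bytes whichever transfer encoding the sender chose.
        body = part.get_payload(decode=True) or b""
        if body.startswith(TNEF_MAGIC) or part.get_content_type() == "application/ms-tnef":
            verdict = "quarantine: TNEF container not unpacked"  # assumed policy
        elif name.endswith(BLOCKED_EXT):
            verdict = "block: disallowed extension"
        else:
            verdict = "pass"
        findings.append((name, cte, verdict))
    return findings

def build_sample() -> bytes:
    """Constructed message: one script sent 8bit and base64, plus a fake TNEF blob."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    script = b"WScript.Echo 1\n"
    for fname, cte in (("plain.vbs", "8bit"), ("encoded.vbs", "base64")):
        msg.add_attachment(script, maintype="application", subtype="octet-stream",
                           cte=cte, filename=fname)
    msg.add_attachment(TNEF_MAGIC + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", cte="base64", filename="winmail.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    for row in audit_message(build_sample()):
        print(row)
```

The winmail.dat part is declared as application/octet-stream on purpose: it is only recognisable as TNEF after the base64 layer is removed, which is the ordering Destry's reply describes.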