Re: NAI WebShield SMTP does not scan base64 encoding

[Satok () QUESTDIAGNOSTICS COM (Sato, Ken)]

Chris, Destry,

Yes, I've had the same problem too.  Because MS is too selfish to release
the precise specs on the MS-TNEF encoding scheme, NAI is unable to write a
reliable API to decode MS-TNEF.

The work around for this is to install Groupshield for exchange.
Groupshield is installed at the mail servers, so the MS-TNEF is stripped by
the MS-Exchange before Groupshield scans the files.  

Rgds, 

 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Ken, Information Security

> -----Original Message-----
> From: Fronck, Destry [mailto:DFronck () FDIC GOV]
> Sent: Tuesday, June 20, 2000 2:38 PM
> To: BUGTRAQ () securityfocus com
> Subject: Re: NAI WebShield SMTP does not scan base64 encoding
>
>
> Chris,
> This problem is not caused by base64 encoding. It is caused by 
> the message
> being encoded in MS-TNEF (Microsoft Transport Neutral 
> Encapsulation Format.)
> and then getting base64 encoded. 
~snip snip

> -----Original Message-----
> From:  chris.paget () ANALYSYS COM [mailto:chris.paget () ANALYSYS COM]
> Sent:  Tuesday, June 20, 2000 9:08 AM
> To:    BUGTRAQ () SECURITYFOCUS COM
> Subject:       NAI WebShield SMTP does not scan base64 encoding
>
> While investigating todays virus outbreak (Stages.Worm), I noticed
> that our email virus scanner (NAI WebShield SMTP 4.5, engine 4.0.50,
> DAT 4.0.4082, 14/06/00) was not picking up all attachments.
> The server is configured to block all SHS, VBS, etc attachments, and
> notify the sender.  However, when these are sent as Base64 encoding
> (rather than 8-bit), they are passed by the server, and could
> potentially infect the network.  8-bit attachments are successfully
> scanned (and blocked if necessary).
>
> Chirs