RE: NAI Webshield SMTP for WinNT MIME header vuln

[Alan Monaghan <AlanM () Gardnerweb com>]

Note: the newest virus (w32/gone.a-mm) is blowing thru the WebShield product
that runs on NT in front of our email server.
We have just updated to the newest DAT files from McAfee . 4174. 

It seems to be a continuation of the other problem. Bottom line here, we are
using GroupShield in conjunction with WebShield and it is set to delete most
extensions on sight. The only way we saved ourselves from what looks to be a
very bad outbreak.

FYI




       Be like water my friend ...
Alan G. Monaghan
   MCSE+I - Win4.0; MCSE - Win2k
    BJCP # C0389  (Recognized)
Gardner Publications, Inc.
Internet Administrator 

?  Phone        1-513-527-8867 
?  Fax          1-513-527-8801 
(  Car          1-513-520-6866 
?  Cell         1-513-378-0919  
? E-mail        AlanM () Gardnerweb com
? URL           http://Bullwinkle.GardnerWeb.Com/
 


 -----Original Message-----
From:   Jari Helenius [mailto:jari.helenius () mawaron com] 
Sent:   Saturday, December 01, 2001 11:38 AM
To:     bugtraq () securityfocus com
Subject:        RE: NAI Webshield SMTP for WinNT MIME header vuln that
allowsBadTrans to pass

After this message was published in Bugtraq, one person from NAI Europe
contacted me. They asked sample of virus (which I had sent them already