Security Incidents mailing list archives
Re: Possible Mail server compromise ?
From: "Faas M. Mathiasen" <faas.m.mathiasen () googlemail com>
Date: Wed, 20 Feb 2008 20:25:51 +0100
Dear Bob,

I don't want to start a flame war; let's keep the information relevant and on topic. As such, I'd like to comment on things relevant to the general public; everything else is private mail. :) OK?

> It goes without saying that patching does not protect against zero day exploits.

:)

> I don't understand what you are saying. I am assuming that the nruns.com product is scanning for viruses in email.

Hmm, I am not sure you (or I) got it right, but apparently they don't parse the data. So basically, if they don't parse it, they are a lot less vulnerable to remote attacks, agree?

> Thus, the data (the email) can be manipulated by the attacker.

See above. As I understand it, there is no parsing involved apart from your normal FROM etc. headers. Attachments that normally contain the payloads (read lots of formats) are usually

> "No-Parsing paradigma"? Paradigma isn't even a word (according to www.merriam-webster.com).

You are referring to a typo instead of commenting on my concern. Let's keep the mails relevant for the general public. If your comment was sincere, you should look up "paradigm".

> Our product (and to various degrees others, such as raw ClamAV) also run in a "sealed" environment such as a separate UID, chroot'ed, etc.

I beg to differ, chroot is by no means a "sealed" environment. There are lots of ways to break out of it...

> No, ClamAV would not be vulnerable to this ...

What I posted here was an exploit against ClamAV: http://milw0rm.com/exploits/4761

Regards,
Faas.M.Mathiasen