RE: NTmail (GMS) 8 filtering bug

["Geo" <geoincidents () getinfo org>]

Gordano has released a patch for the GMS version 8 filter issue.

The patch can be downloaded from
ftp://ftp.gordano.com/GMS/hotfixes/h20021119/intel/smtp_h20021119.zip

The KB article about it is at http://www.gordano.com/kb.htm?q=1709

I have not been able to confirm if this patch is available for all version 8
users or only for ones with a current upgrade key but it appears to be a
hotfix so it looks like it should work for everyone.

Geo.



-----Original Message-----
The following exploit was discovered simultaneously by a number of NTmail
users, I'm just one of them. In NTmail version 8 there is a mail filtering
addon called JUCE which allows filtering of email by using a reserved
words/phrases type filter.

Many NTmail admins use this feature to filter email virus and trojans due to
the excessive cost of the NTmail anti-virus addon. In some cases we filter
based on code techniques that are common to email virus in order to possibly
stop future virus and virus mutations that have not yet surfaced. Some even
use this feature in addition to the standard anti-virus dll because of this
capability. It's also one of the best spam filters available for NTmail.

In version 8 this filter is broken. It works as advertised to stop an email
addressed to a single recipient however if the email is addressed to
multiple recipients then only the first one is blocked and the email is
delivered to all the remaining addresses.
------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html