Full Disclosure mailing list archives
Antigen Path Disclosure
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Fri, 30 May 2003 18:35:35 -0700
------------------------------------------------------------------
- EXPL-A-2003-001 exploitlabs.com Advisory 001
------------------------------------------------------------------
-=- Antigen 7.0 Path Disclosure -=-
Product:
--------
Antigen for Exchange
Sybari Software
516-630-8500
Web: http://www.sybari.com
Price: $4995 (to protect 250 users)
System Requirements:
Windows NT / XP / 2000
Microsoft Exchange Server 5.
Prodict Info:
-------------
Antigen for Exchange is an email anti-viral agent.
Antigen for Exchange
http://www.sybari.com/products/antigen_exchange.asp
Affected Versions:
------------------
All to current 7.0 SP1
Issue:
------
Upon discovery of a suspected email viri or attatchment,
Antigen sends a return email to the original senders email.
The body of the message contains the installed patch of the
Antigen Product. Further it appears the Antigen discards mails
not genuinly infected, but searches only "keywords", physically
deleting many non-viral messages and attatchments.
Samples:
--------
1) from return of a NON infected mail on Full Disclosure...
Antigen for Exchange found Unknown infected with VIRUS= JS/Kak@ (Norman)
worm.
The message is currently Purged. The message, "[Full-Disclosure] MSN search
spoof", was
sent from morning_wood and was discovered in SMTP Messages\Inbound
located at Wharton School/Student Mail/COURIER1.
2) from a google search of "Antigen for Exchange found" ...
Antigen for Exchange found Unknown infected with VIRUS=
HTML.MimeExploit.Klez
(CA(Vet),Kaspersky) worm.
The message is currently Purged. The message, "Hi,the Garden of Eden", was
sent from commit-grub and was discovered in SMTP Messages\Inbound And
Outbound
located at JN-MAIL/First Administrative Group/JN-SVR002.
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
Concurent with this advisory.
Credits:
--------
Donnie Werner
http://exploitlabs.com
morning_wood () exploitlabs com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Antigen Path Disclosure morning_wood (May 30)
- Re: Antigen Path Disclosure Nick FitzGerald (May 31)
- Re: Antigen Path Disclosure morning_wood (May 31)
- Re: Antigen Path Disclosure w g (May 31)
- Re: Antigen Path Disclosure Nick FitzGerald (May 31)
- Re: Antigen Path Disclosure morning_wood (May 31)
- Re: Antigen Path Disclosure Nick FitzGerald (May 31)