[Full-Disclosure] Antigen Path Disclosure

From: morning_wood (se_cur_ity_at_hotmail.com)
Date: 05/31/03

  • Next message: morning_wood: "[Full-Disclosure] Bogus Viral Test - NO HARMFULL CONTENT"
    To: <bugtraq@securityfocus.com>, <nick@virus-l.demon.co.uk>, <vulnwatch@vulnwatch.org>, <full-disclosure@lists.netsys.com>, <support@sybari.com>
    Date: Fri, 30 May 2003 18:35:35 -0700
    

    ------------------------------------------------------------------
    - EXPL-A-2003-001 exploitlabs.com Advisory 001
    ------------------------------------------------------------------

         -=- Antigen 7.0 Path Disclosure -=-

    Product:
    --------

    Antigen for Exchange

    Sybari Software
    516-630-8500
    Web: http://www.sybari.com
    Price: $4995 (to protect 250 users)
    System Requirements:
    Windows NT / XP / 2000
    Microsoft Exchange Server 5.

    Product Info:
    -------------
     Antigen for Exchange is an email anti-viral agent.

    Antigen for Exchange
    http://www.sybari.com/products/antigen_exchange.asp

    Affected Versions:
    ------------------

    All to current 7.0 SP1

    Issue:
    ------

     Upon discovery of a suspected email virus or attachment,
    Antigen sends a return email to the original sender's address.
    The body of the message contains the installed path of the
    Antigen product. Further, it appears that Antigen discards mail
    that is not genuinely infected, matching only on "keywords" and
    physically deleting many non-viral messages and attachments.

    Samples:
    --------
    1) from return of a NON infected mail on Full Disclosure...

    Antigen for Exchange found Unknown infected with VIRUS= JS/Kak@ (Norman)
    worm.
    The message is currently Purged. The message, "[Full-Disclosure] MSN search
    spoof", was
    sent from morning_wood and was discovered in SMTP Messages\Inbound
    located at Wharton School/Student Mail/COURIER1.

    2) from a google search of "Antigen for Exchange found" ...

    Antigen for Exchange found Unknown infected with VIRUS=
    HTML.MimeExploit.Klez
    (CA(Vet),Kaspersky) worm.
    The message is currently Purged. The message, "Hi,the Garden of Eden", was
    sent from commit-grub and was discovered in SMTP Messages\Inbound And
    Outbound
    located at JN-MAIL/First Administrative Group/JN-SVR002.

    Vendor Fix:
    -----------

    No fix on 0day

    Vendor Contact:
    ---------------

    Concurrent with this advisory.

    Credits:
    --------

    Donnie Werner
    http://exploitlabs.com
    morning_wood@exploitlabs.com
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
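
For mail administrators who want to see what their own gateway is telling outside senders, the following added example (not part of the original advisory and not Sybari code) parses notification bodies laid out like the two samples above and reports the scan job, server name and hierarchy they disclose. The function names and the `corp.example` domain are hypothetical, and reading the last element of "located at" as the server name is an assumption based on the samples.

```python
import re

# Layout taken from the two notifications quoted in the advisory. Mail clients
# re-wrap the body, so whitespace is normalised before matching.
NOTICE = re.compile(
    r'Antigen for Exchange found (?P<file>.+?) infected with VIRUS=\s*'
    r'(?P<virus>.+?)\s*\((?P<engines>.*?)\)\s*(?P<kind>\w+)\.\s*'
    r'The message is currently (?P<state>\w+)\.\s*'
    r'The message, "(?P<subject>.*?)", was sent from (?P<sender>.+?) '
    r'and was discovered in (?P<job>.+?) located at (?P<location>.+?)\.(?:\s|$)'
)

# The advisory's two samples, kept with their original line wrapping.
SAMPLES = [
    r'''Antigen for Exchange found Unknown infected with VIRUS= JS/Kak@ (Norman)
worm.
The message is currently Purged. The message, "[Full-Disclosure] MSN search
spoof", was
sent from morning_wood and was discovered in SMTP Messages\Inbound
located at Wharton School/Student Mail/COURIER1.''',
    r'''Antigen for Exchange found Unknown infected with VIRUS=
HTML.MimeExploit.Klez
(CA(Vet),Kaspersky) worm.
The message is currently Purged. The message, "Hi,the Garden of Eden", was
sent from commit-grub and was discovered in SMTP Messages\Inbound And
Outbound
located at JN-MAIL/First Administrative Group/JN-SVR002.''',
]

def find_disclosures(body):
    """Return one dict per notification found, with the location split up."""
    text = " ".join(body.split())            # undo client line wrapping
    hits = []
    for m in NOTICE.finditer(text):
        d = m.groupdict()
        parts = d["location"].split("/")
        d["server"] = parts[-1]              # assumption: last element is the host
        d["hierarchy"] = parts[:-1]          # organisation / group names before it
        hits.append(d)
    return hits

def outbound_findings(body, recipient, internal_domains):
    """Disclosures in a notification addressed outside the listed domains."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return [] if domain in internal_domains else find_disclosures(body)

if __name__ == "__main__":
    for s in SAMPLES:
        for d in outbound_findings(s, "sender@example.org", {"corp.example"}):
            print(d["server"], d["hierarchy"], d["job"], sep=" | ")
```

Run over a gateway's sent-notification archive, any non-empty result marks a message that exposed internal naming to an outside address.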

