Re: Correction to latest Colsaire advisories

From: Andreas Marx (amarx_at_gega-it.de)
Date: 09/15/04

  • Next message: Nick FitzGerald: "Re: [Full-Disclosure] [Vmyths.com ALERT] Hysteria predicted for 'JPEG Processor' vulnerability" 
    Date: Wed, 15 Sep 2004 21:45:51 +0200
To: 3APA3A <3APA3A@SECURITY.NNOV.RU>, bugtraq@securityfocus.com

    Hello!

    > Just to keep correctness.

    ... and 3APA3A was not the only one who has discovered a high number of
    vulnerabilities.

    In 2002 we have started the so-called "Malformed Mail Project". You can
    find more information about this project at this website (look for "Virus
    Bulletin" papers):
    <http://www.av-test.org/sites/references_papers.php3?lang=en>

    *** Malformed Email Project, Virus Bulletin 11/2002
    <http://www.virusbtn.com/magazine/archives/200211/malformed.xml>

    -> This paper includes a short description of the project we've started
    back in 04/2002. Mark Ackermans has created a testset which contains 370
    different malformed mails which several anti-virus and content scanner
    products were not able to handle properly. (At the moment, we have more
    than 400 different ones in our testset, only about 10% of them are publicly
    known yet!)

    NOTE: If you are a security company and do not have access to the testset
    yet, you can request a copy (at no charge). You can find more details in
    the article above (don't forget to read the NDA section included). Please
    use the mail addresses which are mentioned at <http://www.av-test.org> in
    the "About us" section only, do not reply to this address!

    *** Malformed Email Project - Part 2, Virus Bulletin 02/2003
    <http://www.av-test.org/sites/references_papers.php3?lang=en>

    -> This paper includes the reactions (e.g. released updates and
    work-arounds) from the notified companies. An incomplete list can be found
    below (read the article for more details):

    Amavis - A Mail Virus Scanner
    Astaro, Astaro Security
    Beginfinite, GWAVA for GroupWise
    Borderware, Mail Gateway/Mxtreme Firewall
    Cat Computer Systems, Quickheal
    Clearswift, Mimesweeper
    Command Software, Command AV
    Computer Associates, InoculateIT/eTrust AV
    Computerized Horizons, Declude Virus
    DataEnter, XWall
    Finjan, Surfin Gate
    Fortinet, Fortigate
    F-Secure, F-Secure Anti-Virus
    G Data, AntiVirenKit
    Gecad Software, Reliable AV
    GFI, MailSecurity/Mail essentials
    Gordano, Messaging Suite
    Grisoft, AVG
    Group Technologies, IQ Suite
    H+BEDV Datentechnik, AntiVir Mailgate
    IBM, Lotus Notes/Domino
    Ikarus Software, Virus Utilities
    Indefense, Maildefense
    Kaspersky Labs, Kaspersky AV
    Marshal Software, MailMarshal
    MessageLabs, SkyScan AV
    Microsoft, Exchange Server/ISA Server
    Microworld Technologies, eScan/Mailscan
    Mirapoint, Secure Messaging
    MKS, MKS_VIR
    Network Associates, Virusscan/Groupshield/Netshield etc.
    Norman, Virus Control
    Open Access, MailGate
    Panda Software, Panda AV
    Postini, Postini
    Softwin, Bitdefender
    Sonicwall, SonicWall
    Sophos, Mail Monitor
    Stalker, CommuniGate Pro
    Surfcontrol, Surfcontrol e-mail filter
    Sybari, Antigen
    Symantec, Norton AV/Symantec AV
    Trend Micro, InterScan/ScanMail etc.
    Vircom, VOP ModusGate/ModusMail
    VirusBuster, VirusBuster
    WatchGuard Technologies, WatchGuard
    Webwasher, Webwasher
    ZoneLabs, ZoneAlarm

    cheers,
    Andreas Marx 

    -- 
AV-Test GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany
Phone: +49 (0)391 6075466, <http://www.av-test.org>
  • Next message: Nick FitzGerald: "Re: [Full-Disclosure] [Vmyths.com ALERT] Hysteria predicted for 'JPEG Processor' vulnerability"
    • Quantcast