Re: [Full-Disclosure] NTmail (GMS) 8 filtering bug

From: Geo (geoincidents@GETINFO.ORG)
Date: 11/19/02

  • Next message: Russ: "Alert: Microsoft Security Bulletin - MS02-065"
    Date:         Tue, 19 Nov 2002 14:04:14 -0500
    From: Geo <geoincidents@GETINFO.ORG>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Gordano has released a patch for the GMS version 8 filter issue.

    The patch can be downloaded from
    ftp://ftp.gordano.com/GMS/hotfixes/h20021119/intel/smtp_h20021119.zip

    The KB article about it is at http://www.gordano.com/kb.htm?q=1709

    I have not been able to confirm if this patch is available for all version 8
    users or only for ones with a current upgrade key but it appears to be a
    hotfix so it looks like it should work for everyone.

    Geo.

    -----Original Message-----
    The following exploit was discovered simultaneously by a number of NTmail
    users, I'm just one of them. In NTmail version 8 there is a mail filtering
    addon called JUCE which allows filtering of email by using a reserved
    words/phrases type filter.

    Many NTmail admins use this feature to filter email virus and trojans due to
    the excessive cost of the NTmail anti-virus addon. In some cases we filter
    based on code techniques that are common to email virus in order to possibly
    stop future virus and virus mutations that have not yet surfaced. Some even
    use this feature in addition to the standard anti-virus dll because of this
    capability. It's also one of the best spam filters available for NTmail.

    In version 8 this filter is broken. It works as advertised to stop an email
    addressed to a single recipient however if the email is addressed to
    multiple recipients then only the first one is blocked and the email is
    delivered to all the remaining addresses.
    ------

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure Corporation
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Demonstrate your knowledge and understanding of core IT Security, become
    TICSA certified.

    Are you responsible for IT security in job function, but not necessarily
    in title? Do you want to prove your IT security knowledge and increase
    opportunities? Interested? Visit;

    http://www.trusecure.com/solutions/certifications/ticsa/

    for more information.
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



    Relevant Pages

    • Re: [PATCH] allow root to modify raw scsi command permissions list
      ... > My patch leaves the defaults as what are currently in the kernel. ... Yes but what I wanted to say the filter currently in the kernel is not ... purpose of giving read/write permissions in this case. ... The starting point must be safe and it can be relaxed. ...
      (Linux-Kernel)
    • Re: XPe SP2 with Domain Participation losing after 30 days
      ... Debbie, ... I knew about the new Filter but I didn't know it was officially released. ... I didn't know the EWF Registry filter patch was officially released. ... I do know that EWF version in SP2 does not have the functionality of the Registry filter. ...
      (microsoft.public.windowsxp.embedded)
    • [Full-Disclosure] NTmail (GMS) 8 filtering bug
      ... The following exploit was discovered simultaneously by a number of NTmail ... Many NTmail admins use this feature to filter email virus and trojans due to ... the excessive cost of the NTmail anti-virus addon. ...
      (Full-Disclosure)
    • [Full-Disclosure] NTmail (GMS) 8 filtering bug
      ... Gordano has released a patch for the GMS version 8 filter issue. ... The following exploit was discovered simultaneously by a number of NTmail ... Many NTmail admins use this feature to filter email virus and trojans due to ...
      (Full-Disclosure)
    • Re: floating check boxes on web pages
      ... Might re-read my post, the patch IS sp1. ... for Publisher help: ... The form control check boxes looked fine ... > the whole filter web ...
      (microsoft.public.publisher.webdesign)