Attachment blocking with Gordano Messaging Suite

From: John Stanners (john.stanners@GORDANO.COM)
Date: 12/02/02

    Date:         Mon, 2 Dec 2002 17:02:07 +0000
    From: John Stanners <john.stanners@GORDANO.COM>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Gordano Limited Security Alert
    December 2nd, 2002

    Malformed MIME message exploits GMS Anti-spam attachment blocking

    Reference:
    http://www.gordano.com/kb.htm?q=1723

    Description:
    Gordano Limited has been made aware of the existence of specific malformed
    MIME content that successfully causes email messages to bypass the
    attachment blocking features of the GMS Anti-spam module. This MIME
    formation is very specific and Gordano has only been made aware of one
    message formatted in this manner.

    Recommendations:
    A fix for this exploit of the GMS Anti-spam module has been produced and is
    available for download from the locations specified below. Gordano Limited
    recommends that any customers relying on the Anti-spam module to block
    certain attachment types (e.g. exe files which may contain malicious
    content) download and install the hotfix according to the instructions
    available in http://www.gordano.com/kb.htm?q=971

    Download Locations:
    For Version 6
    ftp://ftp.gordano.com/version6/hotfixes/Intel/h20021128/Scanner_h20021128.zip
    For Version 7
    ftp://ftp.gordano.com/version7/hotfixes/Intel/h20021128/Scanner_h20021128.zip
    For Version 8
    ftp://ftp.gordano.com/version8/hotfixes/Intel/h20021128/Scanner_h20021128.zip

    Additional Information:
    This exploit only affects customers using the GMS Anti-spam options to ban
    certain attachment types from their servers. Customers who have also
    enabled the GMS Anti-virus module continue to be protected from any
    malicious content contained in the attachment. Gordano Limited recommends
    that all customers take advantage of the protection facilities provided by
    the Anti-virus module. This module provides comprehensive protection from
    viruses and other malicious content. Virus definition files can be
    automatically updated every 15 minutes using Gordano's patent pending,
    firewall friendly, update mechanism. There is no interruption to service
    while the update occurs.
    _____

    About Gordano Limited
    Founded in 1994, Gordano is a well-established developer of low-cost,
    high-performance Internet messaging software. Over 54 million accounts are
    served in more than 20,000 organizations worldwide using the company's
    flagship email products to support business-critical operations. More
    information can be found at http://www.gordano.com.

    John Stanners

    NB: This email and any attachments have been checked for the presence
    of computer viruses using Gordano Messaging Suite Anti-Virus technology.
    None were found.

    ---------------------------------------------------------------------
                                Gordano Ltd
    Tel UK: +44 1275 345100 Fax UK: +44 1275 340056
    Tel USA: +1 877 292 1142 http://www.gordano.com
    Sales EMail: sales@gordano.com Support EMail: support@gordano.com

    This message is confidential and intended solely for the use of the
    addressee. Quotations are subject to contract and valid for 28 days.
    ---------------------------------------------------------------------
