RE: NAI Webshield SMTP for WinNT MIME header vuln that allowsBadTrans to pass

From: Jari Helenius (jari.helenius@mawaron.com)
Date: 12/01/01


From: "Jari Helenius" <jari.helenius@mawaron.com>
To: <bugtraq@securityfocus.com>
Subject: RE: NAI Webshield SMTP for WinNT MIME header vuln that allowsBadTrans to pass
Date: Sat, 1 Dec 2001 18:37:31 +0200
Message-ID: <NCBBLAJFJEDGEJFKHNNBOEOKCGAA.jari.helenius@mawaron.com>

After this message was published in Bugtraq, one person from NAI Europe
contacted me. They asked sample of virus (which I had sent them already
twice to Viruslab, person who asked this was not from NAI viruslab). I sent
sample and NAI has released EXTRA.DAT that finds BadTrans.B.

I have not been able to verify, that it would stop any other virus that
arrives with Broken MIME header. NAI has told that they are still checking
this subject, so now we have to wait and see what will happen.

NAI worked quite fast, after they desided to take an action. It is sad that
this vulnerability had to been published in Bugtraq to achieve this goal.
Hopefully, in future, NAI will fix bugs more straitforward way. :-)

If someone else is having same problem, contact NAI and ask for EXTRA.DAT.

Jari Helenius / Mawaron Oy
Email: jari.helenius@mawaron.com