Subject: Re: NAI WebShield SMTP does not scan base64 encoding
From: Fronck, Destry (DFronck FDIC.GOV)
Date: Tue Jun 20 2000 - 13:37:46 CDT
Chris,
This problem is not caused by base64 encoding. It is caused by the message
being encoded in MS-TNEF (Microsoft Transport Neutral Encapsulation Format)
and then getting base64 encoded. MS-TNEF is used when Outlook sends Rich
Text information over the Internet.
NAI knows that this is a problem but they have been unable to fix it. Here's
my message to NAI and their response.
-------------------------------
-----Original Message-----
From: Jon
Sent: Tuesday, May 09, 2000 7:55 PM
To: Fronck, Destry
Subject: RE: Webshield smtp 4.03 virus gateway
Destry,
I talked to the Webshield guys and they said you are
completely correct. Not only that but NO company can scan those files
including ours. They did provide an article that may be of help to you.
<<WebShield_MS-TNEF.doc>>
Thanks
Jon
--------------------------------------
Network Associates
Who's watching your network?
-------------------------------------
-----Original Message-----
From: Fronck, Destry [mailto:DFronck FDIC.gov]
Sent: Monday, May 08, 2000 7:38 AM
To: Jon
Cc: FDIC-CSIRT
Subject: Webshield smtp 4.03 virus gateway
Importance: High
Jon, I have discovered a problem with the WebShield smtp 4.03 virus
gateway for NT. We have had several instances of the ILOVEYOU virus
getting past the virus gateway. All of these were detected by the
VShield 4.03 desktop scanner. Both products are running the same dat
files; 4076 and the latest extra.dat.
The problem is that the gateway does not appear to scan MS-TNEF
(Microsoft Transport Neutral Encapsulated Format) content. This content
is typically encapsulated in MIME like so
------_=_NextPart_000_01BFB8C1.7FC25C8A
Content-Type: application/ms-tnef
Content-Transfer-Encoding: base64
Can you verify this?
Does WebShield 4.5 fix this? Can you verify this?
Thanks,
Destry Fronck
-----------------------------------------------
Thanks,
Destry Fronck
-----Original Message-----
From: chris.paget ANALYSYS.COM [mailto:chris.paget ANALYSYS.COM]
Sent: Tuesday, June 20, 2000 9:08 AM
To: BUGTRAQ SECURITYFOCUS.COM
Subject: NAI WebShield SMTP does not scan base64 encoding
While investigating today's virus outbreak (Stages.Worm), I noticed
that our email virus scanner (NAI WebShield SMTP 4.5, engine 4.0.50,
DAT 4.0.4082, 14/06/00) was not picking up all attachments.
The server is configured to block all SHS, VBS, etc attachments, and
notify the sender. However, when these are sent as Base64 encoding
(rather than 8-bit), they are passed by the server, and could
potentially infect the network. 8-bit attachments are successfully
scanned (and blocked if necessary).
Chris
- application/msword attachment: WebShield_MS-TNEF.doc
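Added example, not part of the original thread and not NAI's code: a gateway-side check that walks a message's MIME parts, undoes the transfer encoding, and holds any part that is TNEF so it is not passed through unscanned. The function names, the "quarantine"/"scan" verdicts and the sample message are assumptions made for illustration; the magic-byte check for mislabelled parts goes slightly beyond the case described in the thread.

```python
import base64
from email import message_from_bytes, policy

TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian

def find_tnef_parts(raw: bytes):
    """Return (content_type, filename, reason) for each leaf part carrying TNEF."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # decode=True undoes the Content-Transfer-Encoding (base64 in the
        # MIME headers quoted in the thread) before the content is inspected.
        payload = part.get_payload(decode=True) or b""
        if ctype == "application/ms-tnef":
            hits.append((ctype, part.get_filename(), "declared-type"))
        elif payload.startswith(TNEF_MAGIC):
            # Part is labelled as something else but begins with the TNEF signature.
            hits.append((ctype, part.get_filename(), "magic-bytes"))
    return hits

def gateway_verdict(raw: bytes) -> str:
    """Fail closed: hold anything the content scanner cannot look inside."""
    return "quarantine" if find_tnef_parts(raw) else "scan"

def sample_message(ctype: str) -> bytes:
    """Constructed test message; the attachment body is not a real TNEF stream."""
    body = base64.b64encode(TNEF_MAGIC + b"constructed-placeholder").decode()
    return (
        "From: sender@example.com\r\n"
        "To: rcpt@example.com\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\n"
        "Content-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\n"
        f"Content-Type: {ctype}\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="winmail.dat"\r\n\r\n'
        f"{body}\r\n"
        "--b1--\r\n"
    ).encode("ascii")

if __name__ == "__main__":
    for ctype in ("application/ms-tnef", "application/octet-stream"):
        raw = sample_message(ctype)
        print(ctype, gateway_verdict(raw), find_tnef_parts(raw))
```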