Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Menashe Eliezer (menashe_at_finjan.com)
Date: Thu Sep 12 2002 - 13:13:02 CDT
First, I would like to point out that there are still users which use
Outlook 2000. Outlook 2000 can be also used for sending and receiving such
Finjan Software response:
Finjan Software products are not vulnerable.
SurfinGate for E-Mail reassembles fragmented messages, and then performs
security analysis and applies content management rules.
SurfinShield is installed on end users machines. It gets the reassembled
message from the E-Mail client, and proactively monitors the behavior of
active content included or attached to the E-Mail message.
CERT has approached Finjan Software, and we've replied.
Beyond Security Ltd. probably hasn't received yet the response from CERT.
Manager, Malicious Code Research Center
Prevention is the best cure!
From: Aviram Jenik [mailto:avirambeyondsecurity.com]
Sent: Thursday, September 12, 2002 3:45 PM
Subject: Bypassing SMTP Content Protection with a Flick of a Button
Bypassing SMTP Content Protection with a Flick of a Button
Forget underground hacking tools. How about using Outlook Express as
your attack platform?
Beyond Security's SecurITeam has discovered a new method of bypassing
many SMTP-based content filter engines.
This discovery is alarming since it requires from the attacker nothing
more than an Outlook Express client and employs a rarely-used feature
called 'message fragmentation and re-assembly' that is available in
Outlook Express. Using this feature, an attacker can send e-mails that
will bypass most SMTP filtering engines including gateway Virus
scanners, content filters, Firewalls that do SMTP checking, etc.
Anyone wishing to bypass SMTP filtering engines can utilize the
mentioned method to bypass most types of content checking, and deliver
its payload to the end-client without any trouble, whether it is a
Virus, Trojan or a file type that is not allowed by the corporate
The information has been provided by <mailto:noamrbeyondsecurity.com>
Noam Rathaus, Beyond Security Ltd.
-- Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com
Know that you're safe: http://www.AutomatedScanning.com