[23415] in bugtraq
RE: NAI Webshield SMTP for WinNT MIME header vuln
daemon@ATHENA.MIT.EDU (Eric Chien)
Thu Dec 6 14:10:45 2001
Message-Id: <5.0.2.1.1.20011205122921.00adfec0@pop.mail.yahoo.com>
Date: Wed, 05 Dec 2001 12:31:45 +0100
To: Alan Monaghan <AlanM@Gardnerweb.com>, bugtraq@securityfocus.com
From: Eric Chien <ecchien@yahoo.com>
In-Reply-To: <EA1D4486AC1ED411A2230060089FBF08019EED90@MANIAC>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
I doubt this is due to the MIME header problem.
W32.Goner.A@mm uses Outlook via MAPI to send its message. It doesn't have
its own SMTP engine and doesn't generate its own MIME headers. The MIME
headers should be RFC compliant.
I'd double check configurations from properly updated DATs to verifying you
are scanning SCR extensions.
Good luck,
...Eric
At 03:10 PM 12/4/2001 -0500, you wrote:
>Note: the newest virus (w32/gone.a-mm) is blowing thru the WebShield product
>that runs on NT in front of our email server.
>We have just updated to the newest DAT files from McAfee . 4174.
>
>It seems to be a continuation of the other problem. Bottom line here, we are
>using GroupShield in conjunction with WebShield and it is set to delete most
>extensions on sight. The only way we saved ourselves from what looks to be a
>very bad outbreak.