[25575] in bugtraq
RE: TrendMicro Interscan VirusWall security problem
daemon@ATHENA.MIT.EDU (Pedro Quintanilha)
Mon May 27 14:51:12 2002
Date: Mon, 27 May 2002 11:09:20 -0300
Message-ID: <92F8CDCF6AA927438777C9373E1A31ED06F4E7@EXNEA01.gabril.com.br>
From: "Pedro Quintanilha" <PQuintanilha@abril.com.br>
To: "Patrick Morris" <pmorris@wilshire.com>
Cc: <bugtraq@securityfocus.com>
Trend's support (US and Brazil) confirm that it just occurs in W32... I've not tested it on UX.
Pedro Quintanilha
Information Security
Editora Abril s/a
pquintanilha@abril.com.br
+55-11-3037-4297
-----Original Message-----
From: Patrick Morris [mailto:pmorris@wilshire.com]
Sent: Saturday, May 25, 2002 3:36 PM
To: Pedro Quintanilha
Cc: bugtraq@securityfocus.com
Subject: Re: TrendMicro Interscan VirusWall security problem
This occurs on Unix installations as well. Depending what you need
to know the original sender's IP for, there are several ways to work
around it.
On Fri, 24 May 2002, Pedro Quintanilha wrote:
> In most installations Interscan listens on port 25 (SMTP),
> receives the message, scans it, and then re-sends it to the "real"
> SMTP daemon (listening on another port), preserving the SMTP-header
> present in the message.
> But, since it doesn't include a new line in the SMTP-header with
> the sender's IP, and doesn't write any extra log including it
> (it just logs virus occurrences), the final message header will not
> contain the real sender's IP!!
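
A check a mail administrator could run over stored messages to see whether the relay setup described in this thread has dropped the connecting client's address. This is an added example, not part of the original thread; the host names, addresses, sample messages and the `INTERNAL` ranges are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: address ranges that mean "one of our own relays", not a real sender.
INTERNAL = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "::1/128")]
PEER = re.compile(r"from\s+\S+\s+\(.*?\[([0-9A-Fa-f.:]+)\]", re.S)
BY = re.compile(r"\bby\s+(\S+)")

# Constructed sample: mail stored by the real SMTP daemon after a scanning relay
# on the same host forwarded it without adding a Received line of its own.
RELAYED = """\
Received: from localhost (localhost [127.0.0.1])
 by mx.example.net with ESMTP; Mon, 27 May 2002 11:09:25 -0300
Received: from desktop (unknown [10.1.2.3])
 by mail.sender.example with SMTP; Mon, 27 May 2002 11:09:20 -0300
From: someone@sender.example
Subject: constructed test message

body
"""
# Constructed sample: same mail accepted directly, so the peer address is recorded.
DIRECT = RELAYED.replace("from localhost (localhost [127.0.0.1])",
                         "from mail.sender.example (mail.sender.example [192.0.2.25])")

def hops(raw):
    """Yield (recording host, peer IP or None) per Received header, newest first."""
    for value in email.message_from_string(raw).get_all("Received", []):
        by, peer = BY.search(value), PEER.search(value)
        try:
            ip = ipaddress.ip_address(peer.group(1)) if peer else None
        except ValueError:
            ip = None
        yield (by.group(1).lower() if by else None), ip

def handoff_ip(raw, our_hosts):
    """Return the external IP recorded by one of our hosts, or None if it was lost."""
    for by, ip in hops(raw):
        if by not in our_hosts:
            break  # older headers were written by other parties; do not trust them
        if ip is not None and not any(ip in net for net in INTERNAL):
            return str(ip)
    return None

if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED), ("direct", DIRECT)):
        print(name, handoff_ip(raw, {"mx.example.net"}))
```

A `None` result means no header written by your own hosts records an outside peer, which is the condition the quoted report describes.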