Virus exploits Email Server A, infects other emails, causes world domination, etc.
Yes, this is possible, though improbable. It would have to be a two pronged virus. The first prong is, of course, exploiting user clients that are vulnerable to virii propagation. The second prong would be exploiting the server once the infected user has sent off emails (by his own hand or not).
The server would have to be exploited via some header handling or queue vulnerability for the specific mail server. Since the server isn't necessarily going to be vulnerable, this tactic will be extremely hit-and-miss.
Despite the improbability of this situation, it is a possible attack vector. Since most attackers target mail server protocol lexicon, they tend to forget about the queue mechanisms that come later once the email has been stored on disk. If a situation arises in which a queue mechanism can be overflowed by data (possibly trusted) stored in mail queue files, the situation becomes real.
This is most likely a situation to be desired by attackers whom wish to target internal mail servers not accessible to them via the internet. These internal mail servers would handle outgoing data for internal users only, while other mail servers would route incoming mail data.
Don
http://www.7f.no-ip.com/~north_
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
