RE: http://www.gfi.com/emailsecuritytest just some more specific followup info re: GFI's tests
Brian wrote:
o VBS file vulnerability test
can be caught by Perlscan and quarantine-attachments.txt rule: .vbs 0 VBS files not allowed per Company security policy
o CLSID extension vulnerability testcan not caught by Q-S
o MIME header vulnerability test
can be caught by Perlscan and quarantine-attachments.txt rule: .vbs 0 VBS files not allowed per Company security policy because it contained VBS attachment
o ActiveX vulnerability testcan not caught by Q-S
o Malformed file extension vulnerability test (for Outlook 2002 - XP)can not caught by Q-S
o CLSID extension vulnerability test (for Outlook 2002 - XP)can not caught by Q-S
o GFI's Access exploit vulnerability testcan not caught by Q-S
o Object Codebase vulnerability testcan be caught by AV...e.g. ClamAV will catch
o Iframe remote vulnerability testcan not caught by Q-S
o Eicar anti-virus test
can be caught by Perlscan and quarantine-attachments.txt rule: EICAR.COM 69 EICAR Test Virus
o Fragmented Message testcan be caught by Perlscan and quarantine-attachments.txt rule:
message/partial.* Virus-Content-Type: Message/partial MIME attachments blocked by policy
of the ones "can not be caught", they are IFRAME links inside HTML content in message body, and Q-S is not doing message body pattern scanning.
Is there -any- reason to allow IFRAME content in EMAIL content??
AFAIK...you -could- stop IFRAME exploits in HTML with SpamAssassin's defang_mime=1 option but that would "disable" all HTML email (might not a bad thing depending on your POV ;)
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
