Re: Correction to latest Colsaire advisories
Hello!
Just to keep correctness.
... and 3APA3A was not the only one who has discovered a high number of
vulnerabilities.
In 2002 we have started the so-called "Malformed Mail Project". You can
find more information about this project at this website (look for "Virus
Bulletin" papers):
<http://www.av-test.org/sites/references_papers.php3?lang=en>
*** Malformed Email Project, Virus Bulletin 11/2002
<http://www.virusbtn.com/magazine/archives/200211/malformed.xml>
-> This paper includes a short description of the project we've started
back in 04/2002. Mark Ackermans has created a testset which contains 370
different malformed mails which several anti-virus and content scanner
products were not able to handle properly. (At the moment, we have more
than 400 different ones in our testset, only about 10% of them are publicly
known yet!)
NOTE: If you are a security company and do not have access to the testset
yet, you can request a copy (at no charge). You can find more details in
the article above (don't forget to read the NDA section included). Please
use the mail addresses which are mentioned at <http://www.av-test.org> in
the "About us" section only, do not reply to this address!
*** Malformed Email Project - Part 2, Virus Bulletin 02/2003
<http://www.av-test.org/sites/references_papers.php3?lang=en>
-> This paper includes the reactions (e.g. released updates and
work-arounds) from the notified companies. An incomplete list can be found
below (read the article for more details):
Amavis - A Mail Virus Scanner
Astaro, Astaro Security
Beginfinite, GWAVA for GroupWise
Borderware, Mail Gateway/Mxtreme Firewall
Cat Computer Systems, Quickheal
Clearswift, Mimesweeper
Command Software, Command AV
Computer Associates, InoculateIT/eTrust AV
Computerized Horizons, Declude Virus
DataEnter, XWall
Finjan, Surfin Gate
Fortinet, Fortigate
F-Secure, F-Secure Anti-Virus
G Data, AntiVirenKit
Gecad Software, Reliable AV
GFI, MailSecurity/Mail essentials
Gordano, Messaging Suite
Grisoft, AVG
Group Technologies, IQ Suite
H+BEDV Datentechnik, AntiVir Mailgate
IBM, Lotus Notes/Domino
Ikarus Software, Virus Utilities
Indefense, Maildefense
Kaspersky Labs, Kaspersky AV
Marshal Software, MailMarshal
MessageLabs, SkyScan AV
Microsoft, Exchange Server/ISA Server
Microworld Technologies, eScan/Mailscan
Mirapoint, Secure Messaging
MKS, MKS_VIR
Network Associates, Virusscan/Groupshield/Netshield etc.
Norman, Virus Control
Open Access, MailGate
Panda Software, Panda AV
Postini, Postini
Softwin, Bitdefender
Sonicwall, SonicWall
Sophos, Mail Monitor
Stalker, CommuniGate Pro
Surfcontrol, Surfcontrol e-mail filter
Sybari, Antigen
Symantec, Norton AV/Symantec AV
Trend Micro, InterScan/ScanMail etc.
Vircom, VOP ModusGate/ModusMail
VirusBuster, VirusBuster
WatchGuard Technologies, WatchGuard
Webwasher, Webwasher
ZoneLabs, ZoneAlarm
cheers,
Andreas Marx
--
AV-Test GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany
Phone: +49 (0)391 6075466, <http://www.av-test.org>