<<< Date Index >>>     <<< Thread Index >>>

Antigen 8.0 for Exchange/SMTP Rule Vulnerability



======================================================================
- Sybari Antigen for SMTP / Exchange Rule / Attachment Pass through -
======================================================================
1) Affected Software 

Sybari Antigen v8.0 SR2 for Exchange/SMTP

Other versions may also be affected.

======================================================================
2) Description of Vulnerability

A vulnerability has been discovered in Antigen for Exchange/SMTP, which
could potentially be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused by the way Antigen processes its rules in
handling SMTP messages. A message, containing the Subject line of: 
"Antigen forwarded attachment" can be exploited to cause Antigen to
ignore custom filters allowing unwanted file attachments into the email
system. This vulnerability does not disable or bypass virus scanning of
attachments.

Successful exploitation may allow an unwanted file type to be delivered
into a user's email inbox.



======================================================================
3) Solution 

Update to the latest version via online update.
(Antigen v8.0 sr3 for Exchange/SMTP Version 8.00.1517 SR3).

======================================================================
4) Credits 

Reported by Alan G. Monaghan, Gardner Publications, Inc. on Thursday,
September 01, 2005