lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <EKECJMGPAACGOMIGLJJDCEFJCJAA.geoincidents@getinfo.org>
From: geoincidents at getinfo.org (Geo)
Subject: NTmail (GMS) 8 filtering bug

The following exploit was discovered simultaneously by a number of NTmail
users, I'm just one of them. In NTmail version 8 there is a mail filtering
addon called JUCE which allows filtering of email by using a reserved
words/phrases type filter.

Many NTmail admins use this feature to filter email virus and trojans due to
the excessive cost of the NTmail anti-virus addon. In some cases we filter
based on code techniques that are common to email virus in order to possibly
stop future virus and virus mutations that have not yet surfaced. Some even
use this feature in addition to the standard anti-virus dll because of this
capability. It's also one of the best spam filters available for NTmail.

In version 8 this filter is broken. It works as advertised to stop an email
addressed to a single recipient however if the email is addressed to
multiple recipients then only the first one is blocked and the email is
delivered to all the remaining addresses.

Gordano, the software vendor has been contacted by multiple customers about
this problem. They have blocked any mention of it on their support email
list and when we contacted Tom Breingan, Gordano Sales Manager, he did his
best to avoid addressing the issue at all.

We believe it is important that the entire NTmail community be made aware of
this issue because their use of this feature to filter virus/trojans puts
them all at risk.

Geo.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ