| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: geoincidents at getinfo.org (Geo) Subject: NTmail (GMS) 8 filtering bug The following exploit was discovered simultaneously by a number of NTmail users, I'm just one of them. In NTmail version 8 there is a mail filtering addon called JUCE which allows filtering of email by using a reserved words/phrases type filter. Many NTmail admins use this feature to filter email virus and trojans due to the excessive cost of the NTmail anti-virus addon. In some cases we filter based on code techniques that are common to email virus in order to possibly stop future virus and virus mutations that have not yet surfaced. Some even use this feature in addition to the standard anti-virus dll because of this capability. It's also one of the best spam filters available for NTmail. In version 8 this filter is broken. It works as advertised to stop an email addressed to a single recipient however if the email is addressed to multiple recipients then only the first one is blocked and the email is delivered to all the remaining addresses. Gordano, the software vendor has been contacted by multiple customers about this problem. They have blocked any mention of it on their support email list and when we contacted Tom Breingan, Gordano Sales Manager, he did his best to avoid addressing the issue at all. We believe it is important that the entire NTmail community be made aware of this issue because their use of this feature to filter virus/trojans puts them all at risk. Geo.
Powered by blists - more mailing lists