[NT] Antigen for Exchange and SMTP Rule Bypassing Vulnerability

The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Antigen for Exchange and SMTP Rule Bypassing Vulnerability
------------------------------------------------------------------------


SUMMARY

" <http://www.sybari.com/> Antigen for Microsoft Exchange delivers 
comprehensive server-level antivirus protection with a unique, powerful 
multiple scan engine management approach and advanced content-filtering 
capabilities".

By creating an email message with a specific subject, attackers can attach 
any file they wish, which under normal circumstances would be filtered by 
Antigen for Exchange and SMTP.

DETAILS

Vulnerable Systems:
 * Sybari Antigen version 8.0 SR2 for Exchange and SMTP

Immune Systems:
 * Sybari Antigen version 8.00.1517 SR3 for Exchange and SMTP

A vulnerability has been discovered in Antigen for Exchange/SMTP, which 
could potentially be exploited by malicious people to compromise a 
vulnerable system.

The vulnerability is caused by the way Antigen processes its rules in 
handling SMTP messages. A message, containing the Subject line of: 
"Antigen forwarded attachment" can be exploited to cause Antigen to ignore 
custom filters allowing unwanted file attachments into the email system. 
This vulnerability does not disable or bypass virus scanning of 
attachments.

Successful exploitation may allow an unwanted file type to be delivered 
into a user's email inbox.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:AlanM@xxxxxxxxxxxxxx> Alan 
Monaghan.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@xxxxxxxxxxxxxx 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@xxxxxxxxxxxxxx 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.