[Mimedefang] MIMEDefang 2.21 is released - Important Security Note

David F. Skoll dfs at roaringpenguin.com
Thu Sep 12 11:56:02 EDT 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

MIMEDefang 2.21 is released.  Also, a new version of the patched MIME-tools
has been put on the MIMEDefang site.  Get everything at:

	http://www.roaringpenguin.com/mimedefang/

Aviram Jenik posted a note on Bugtraq:

	http://online.securityfocus.com/archive/1/291514

detailing how to bypass SMTP security scanners.  MIMEDefang 2.20 and
earlier are vulnerable to this attack in their default configurations.
I recommend performing *both* of the following steps

1) Upgrade to the new MIME-Tools suite from my Web site.
2) Upgrade to MIMEDefang 2.21.  Be sure to upgrade your filter, too;
   see below.

Note that either step (1) or (2) alone will thwart the attack; I
still recommend doing both.

If, for some reason, you do not want to upgrade, then put the following
code in your filter() and filter_multipart() routines:

# Block message/partial parts
if (lc($type) eq "message/partial") {
    action_quarantine_entire_message("Message quarantined because of message/partial type");
    return action_discard();
}

The new sample filter does just that.  Full changelog appended.

Regards,

David.
2002-09-12  David F. Skoll  <dfs at roaringpenguin.com>

	* Version 2.21 RELEASED

	* Removed mime-tools-patch.txt.  Instead, download the patched
	MIME-Tools tarball from the MIMEDefang site.

	* Documented $WarningLocation

	* SECURITY UPDATE: Default filter rejects attachments of type
	"message/partial".  See
	http://online.securityfocus.com/archive/1/291514

2002-09-10  David F. Skoll  <dfs at roaringpenguin.com>

	* mimedefang-multiplexor.c (statsLog): Do not log the date/time
	if we log stats using syslog; it's redundant.  We still include
	a UNIX timestamp.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD4DBQE9gLkBxu9pkTSrlboRAlKWAKCJdY7sTkeXbnX+yyNlqDglO2iu3wCY0J3S
GFG9WcEc02mC782D7DyAaQ==
=Z185
-----END PGP SIGNATURE-----

More information about the MIMEDefang mailing list