Gordano Ltd. tested GMS against the 141 MIME exploit tests provided by NISCC. These tests fall into a number of categories:
- Valid messages
- Valid but virus-infected messages
- Messages containing invalid MIME
- Messages containing valid but suspicious MIME
From the November 2004 release, GMS is able to detect and reject all virus-infected messages using GMS Anti-Virus. Messages containing invalid MIME or valid but suspicious MIME may be detected using the Message Quality feature in GMS Anti-Spam. The Message Quality feature performs over 40 different checks on message content and structure, looking for invalid and suspicious content, including but not limited to suspicious MIME content. This feature is able to detect all the malformed MIME messages in the NISCC suite. A combination of both GMS Anti-Virus and GMS Anti-Spam is required to reject all of these messages.
GMS Webmail has also been tested against the NISCC message suite and found to contain no vulnerabilities. All of the MIME is interpreted correctly without failure. All virus-infected messages were blocked correctly when GMS Anti-Virus was installed and active.
For complete protection against this sort of attack, it is necessary to enable certain options. Some of these options are off by default, as they may stop valid messages from being accepted by the server.
- GMS Anti-Virus – Virus scanning should be enabled.
- GMS Anti-Spam – All Message Quality checks should be enabled.
In addition to the above, the server may also be configured to Quarantine invalid messages. This will allow suspicious messages to be recovered if necessary.
If customers are concerned about the subject, specific advice and guidance may be obtained by contacting Gordano support.
More information about NISCC may be found on their website, http://www.niscc.gov.uk. Information on the MIME vulnerabilities may be found at http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
Keywords: niscc mime exploits