Question
It was found that from time to time certain attachments were not being caught by the attachment blocking facility within GMS Anti-Spam. Other attachments with a similar extension are being blocked successfully.
Answer
The attachments that were found to bypass the attachment blocking facility of GMS Anti-Spam made use of a broken mime boundary within the body of the incoming message.
Specifically, the line containing the name of the attachment was wrapped onto a line of its own. This wrapped line did not start with white space as required by the mime RFCs.
This only affected customers running the ntmvpp.dll on their system. Those using ntmvscan.dll are unaffected. It is possible to check which of these two files is being used on a system by enabling full logging for the SMTP service, stopping and restarting it, and taking a look in the current SMTP log to see which DLL is being loaded at startup.
We have supplied an updated ntmvpp.dll that resolves this issue.
Note: Customers running GMS Anti-Virus were still protected from attachments containing malicious content.
Downloads
- <
See Also:
- How do I determine which hotfixes to apply to my system?
- How do I apply hotfixes to my GMS server
- How do I install a patch?
Keywords:bypass attachment blocking malformed mime