Why do some attachments bypass the attachment blocking options in GMS Anti-Spam?

  1. Home
  2. Knowledge Base
  3. GMS
  4. Why do some attachments bypass the attachment blocking options in GMS Anti-Spam?

Question

It was found that from time to time certain attachments were not being caught by the attachment blocking facility within GMS Anti-Spam. Other attachments with a similar extension are being blocked successfully.

Answer

The attachments that were found to bypass the attachment blocking facility of GMS Anti-Spam made use of a broken mime boundary within the body of the incoming message.

Specifically, the line containing the name of the attachment was wrapped onto a line of its own. This wrapped line did not start with white space as required by the mime RFCs.

This only affected customers running the ntmvpp.dll on their system. Those using ntmvscan.dll are unaffected. It is possible to check which of these two files is being used on a system by enabling full logging for the SMTP service, stopping and restarting it, and taking a look in the current SMTP log to see which DLL is being loaded at startup.

We have supplied an updated ntmvpp.dll that resolves this issue.

Note: Customers running GMS Anti-Virus were still protected from attachments containing malicious content.

Downloads

  • <

See Also:

Keywords:bypass attachment blocking malformed mime

Was this article helpful?

Related Articles