possible security issue with pop3 scanner

Max Scanning Size: Specify the maximum size for messages to be scanned by the anti-virus engine. Messages exceeding this size are exempt from being scanned.

So I can pack a message with, say, 30 megs of zero-byte stuff, then in the 31st meg I have my payload. I think messages that exceed this size should be automatically quarantined.


  • Another issue with the AV scanners in general: if a file is password protected (rar, zip, etc.) it is not scanned (it can't be scanned without the passphrase)... we should have the option to quarantine such attachments as well --- and this would go for HTTP, SMTP, and POP3 proxies.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Another issue with the AV scanners in general: if a file is password protected (rar, zip, etc.) it is not scanned (it can't be scanned without the passphrase)... we should have the option to quarantine such attachments as well --- and this would go for HTTP, SMTP, and POP3 proxies.

      At least on my copfilter (ipcop addon) I can set encrypted or locked files directly to quarantine. :)

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow
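
A fail-closed triage rule for the two cases raised in this thread (messages over the scan limit, password-protected archives), as an added example that is not part of the original posts or of any product's code. It handles ZIP only; `MAX_SCAN_BYTES`, `triage`, `zip_is_encrypted` and `sample` are hypothetical names, and the messages are constructed.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

MAX_SCAN_BYTES = 64 * 1024  # assumed scanner limit (constructed value)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has ZIP general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.flag_bits & 0x1 for i in zf.infolist())
    except zipfile.BadZipFile:
        return True  # unparseable archive: the engine cannot inspect it either

def triage(raw: bytes, max_scan: int = MAX_SCAN_BYTES) -> str:
    """'quarantine' for anything the AV engine cannot inspect, else 'scan'."""
    if len(raw) > max_scan:
        return "quarantine"  # oversize: fail closed instead of exempting
    msg = email.message_from_bytes(raw, policy=default)
    for part in msg.iter_attachments():
        body = part.get_payload(decode=True) or b""
        if body[:4] == b"PK\x03\x04" and zip_is_encrypted(body):
            return "quarantine"  # password-protected archive
    return "scan"

def sample(encrypted: bool = False, padding: int = 0) -> bytes:
    """Constructed test message: one small ZIP attachment, optional zero padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "hello")
    data = bytearray(buf.getvalue())
    if encrypted:  # set the encrypted flag in the central directory entry
        data[data.rfind(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="a.zip")
    if padding:
        msg.add_attachment(bytes(padding), maintype="application",
                           subtype="octet-stream", filename="pad.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    for label, raw in [("clean", sample()), ("encrypted", sample(encrypted=True)),
                       ("oversize", sample(padding=MAX_SCAN_BYTES))]:
        print(label, triage(raw))
```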