Banned extension delivered

pdifeo
Posts: 30
Joined: Sat Sep 13, 2014 3:13 am

Banned extension delivered

Post by pdifeo »

Hi,

Using the site at http://www.emailsecuritycheck.net, I have found a problem. I have not investigated deeply, but it is worrying that a dangerous attachment is delivered.

Three messages were delivered with .bat attachments.

Below is one of the complete messages. Does anyone have a solution?

Return-Path: securitycheck@emailsecuritycheck.net
Received: from <<ZIMBRA>> (LHLO <<ZIMBRA>>) (10.0.2.5)
by <<ZIMBRA>> with LMTP; Sat, 23 Jan 2016 23:16:04 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by <<ZIMBRA>> (Postfix) with ESMTP id 242711026439F5
for <admin@<<ZIMBRA>>>; Sat, 23 Jan 2016 23:16:04 +0100 (CET)
X-Virus-Scanned: amavisd-new at <<ZIMBRA>>
X-Spam-Flag: NO
X-Spam-Score: 0.529
X-Spam-Level:
X-Spam-Status: No, score=0.529 tagged_above=-10 required=6.6
tests=[BAYES_00=-1.9, INVALID_MSGID=0.568, PYZOR_CHECK=3.25,
RP_MATCHES_RCVD=-0.001, SPF_HELO_NEUTRAL=0.112, SPF_PASS=-1.5]
autolearn=no autolearn_force=no
Received: from <<ZIMBRA>> ([127.0.0.1])
by localhost (<<ZIMBRA>> [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id gZUSb0rJB23Q for <admin@<<ZIMBRA>>>;
Sat, 23 Jan 2016 23:16:03 +0100 (CET)
Received: from byteplant.com (outbound.emailsecuritycheck.net [149.202.232.193])
by <<ZIMBRA>> (Postfix) with ESMTPS id 388C41026CB518
for <admin@<<ZIMBRA>>>; Sat, 23 Jan 2016 23:16:03 +0100 (CET)
Received: from localhost ([127.0.0.1] helo=ovh)
by byteplant.com with smtp (Exim 4.80)
(envelope-from <securitycheck@emailsecuritycheck.net>)
id 1aN6Ts-0001Wg-4Z
for admin@<<ZIMBRA>>; Sat, 23 Jan 2016 23:16:28 +0100
Subject: Test mail 5/7 (ID=uxajslTselPa9nxHdkF4kQ==)
Date: Sat, 23 Jan 2016 23:16:28 +0100
Message-ID: emailsecuritycheck.net.5.uxajslTselPa9nxHdkF4kQ==
From: securitycheck@emailsecuritycheck.net
To: admin@<<ZIMBRA>>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=XXX

--XXX
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

You receive this email because you registered for the Byteplant Email Security Check.

This mail contains a harmless executable attachment named "attached.bat".

Even though it is harmless, it should have been removed (or replaced) by your
attachment blocker.
Find out more here on how to protect yourself against unwanted email attachments:
http://www.byteplant.com/cleanmail

--XXX
Content-Type: application/x-msdownload;
"name"=attached.bat
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
"filename"=attached.bat

echo Your system is vulnerable
pause

--XXX--
Fabio S. Schmidt
Advanced member
Posts: 183
Joined: Fri Apr 25, 2014 12:42 pm

Banned extension delivered

Post by Fabio S. Schmidt »

Hi,

Have you enabled the ".bat" extension blocking?
pdifeo
Posts: 30
Joined: Sat Sep 13, 2014 3:13 am

Banned extension delivered

Post by pdifeo »

Sure. Otherwise I would not have talked about the problem.
If you read http://www.emailsecuritycheck.net/, this site makes 7 tests. Of these 7, some (3 messages) pass the blocking rule.
If you look more closely at the message, the MIME parameters "name" and "filename" are quoted.
In another message the MIME section is:
Content-Type: application/x-msdownload;
name=attached.()bat
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=attached.()bat
In another:
Content-Type: application/x-msdownload;
name=attached
.bat
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=attached
.bat

In the first two cases, the file in the web client is shown correctly and you can download it. In the last case, the filename is truncated to "attached_".
Very dangerous!
Regards,
Pasquale
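The three filename variants quoted above (quoted parameter name, punctuation inside the extension, extension folded onto a continuation line), as an added defender-side check that is not part of the thread, of Zimbra or of amavisd-new: it unfolds the MIME part headers, accepts a quoted parameter name, and normalises the extension before the banned-list lookup. The banned list and the sample headers are constructed assumptions.

```python
import re
# Extensions the blocker is expected to strip (a constructed short list, not Zimbra's default).
BANNED_EXTENSIONS = {"bat", "cmd", "com", "exe", "pif", "scr", "vbs"}
# Parameter name with or without surrounding quotes ("filename"=x as well as filename=x).
PARAM_RE = re.compile(r'("?)(?P<name>[A-Za-z0-9_*-]+)\1\s*=\s*(?P<value>"[^"]*"|[^;]*)')

def unfold(raw_headers):
    # RFC 5322 unfolding: a line starting with whitespace continues the previous header.
    out = []
    for line in raw_headers.replace("\r\n", "\n").splitlines():
        if out and line[:1] in (" ", "\t"):
            out[-1] += " " + line.strip()
        elif line.strip():
            out.append(line.strip())
    return out

def header_params(raw_headers, header):
    # Parameters of the first matching header, keyed by lower-cased parameter name.
    for line in unfold(raw_headers):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == header.lower():
            params = {}
            for part in value.split(";")[1:]:
                m = PARAM_RE.match(part.strip())
                if m:
                    params[m.group("name").lower()] = m.group("value").strip().strip('"')
            return params
    return {}

def declared_filename(raw_headers):
    # Content-Disposition filename first, then the Content-Type name parameter.
    return (header_params(raw_headers, "Content-Disposition").get("filename")
            or header_params(raw_headers, "Content-Type").get("name") or "")

def normalized_extension(filename):
    # Drop folding whitespace and punctuation: 'attached .bat' and 'attached.()bat' both give 'bat'.
    name = re.sub(r"\s+", "", filename)
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    return re.sub(r"[^A-Za-z0-9]", "", ext).lower()

def is_banned(raw_headers):
    return normalized_extension(declared_filename(raw_headers)) in BANNED_EXTENSIONS

# Constructed MIME part headers mirroring the three variants quoted in the thread, plus a benign one.
SAMPLES = {
    "quoted_names": 'Content-Disposition: attachment;\n\t"filename"=attached.bat\n',
    "punctuated": "Content-Disposition: attachment;\n\tfilename=attached.()bat\n",
    "folded": "Content-Disposition: attachment;\n\tfilename=attached\n\t.bat\n",
    "benign": 'Content-Disposition: attachment; filename="notes.txt"\n',
}
```

A naive check that matches the raw `filename=` token against `\.bat$` misses all three variants; the normalised extension is what should be compared against the banned list.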
pdifeo
Posts: 30
Joined: Sat Sep 13, 2014 3:13 am

Banned extension delivered

Post by pdifeo »

Perhaps my poor English does not give the right judgment of the issue. Is it possible that no one cares about this issue?
