Jerry, Good points all.

> Your proposed virus would actually have to execute on the
> (supposedly secure) mail server, and in a context that it could
> actually change the registry. If an admin allows anything close to
> that scenario, he has more problems than potentially passing a
> virus.

I'd say the problem is an *owned* server that now has a ridiculously easy way to cover its tracks as far as leaving bombs behind. I agree that remote compromise could be disastrous on many more fronts than just this one, but I do think this is a substantive problem anyway. And you wouldn't need to breach the mail server interactively--you'd just need to have hacked an Admin username and be on any machine behind the firewall.

> I would imagine that fpcmd.exe (the 32 bit console command line version)
> included with the Win version of F-Prot would function OK. It's also not a
> problem with the on-access stuff, or the Windows GUI on-demand scanner. IOW,
> it's not an F-Prot problem.

Very, very good point. This should be a warning to all that they could spring for a teensy bit more $ and get fpcmd.exe.

> Problem is most are using the "DOS" F-Prot.exe with Declude, as fpcmd is
> relatively new.

That is the problem, indeed.

> Turning off SFNs should never be done until a full audit of everything that
> will be run on a box is done.

I did give a caveat in this regard, but admittedly I didn't think that anything within Imail and its environs would be problematic!

> Even some "32bit" stuff will break.

On my dedicated boxes and those with CF, nothing appears to have gone awry (I've had 8.3 turned off for years), but people should give a second look.

> A busy mail server is one of the few applications it could make a real
> difference though, but I still prefer for programs to stick to 8.3 wherever
> possible.

Me too.

> They were currently only using hex based numbering for the filename,
> I would have gone to base36 numbering before moving past 8.3
> conventions.

I was thinking that exact thing, which is why I offered up the possibility that SMTP32 might have reason to parse the 16-character filename at some point in the future. This would, of course, break the entire system, since F-Prot can't rebuild the LFN when it's done.

Sandy
