-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
The current version for interscan solaris is 1207 and correct your issue. regards >> -----Message d'origine----- >> De : Ishay Sommer [mailto:[EMAIL PROTECTED]] >> Envoye : mercredi, 24. avril 2002 10:49 >> A : [EMAIL PROTECTED] >> Objet : Trendmicro - Interscan - List of BCC: is revealed when >> stripping attachments and notifying destination addresses >> >> >> Hello. >> >> This email was sent to [EMAIL PROTECTED] over a week ago, >> so far, no response. >> >> In the company that I work for, we use -InterScan Version >> 3.6-Build_1142, for >> stripping of unwated attachments, "Spam". >> No other versions have been tested. >> >> Our sys admin has configured the mail scanner, to notify all >> destination addresses of a message containing such attachments, of >> the "Spam" alert. Meaning, that if I send a bad content message to >> 10 recipients, all of them receive >> a "Spam" alert. >> >> The problem is that, each one of the recipients receives to his >> mailbox the spam warning message, >> including all addresses of which the original message was sent to, >> even if they were sent as Bcc: >> >> For example: >> >> **************** eManager Notification ***************** >> >> The following mail was blocked since it contains sensitive >> content. >> >> Source mailbox: <ME> >> Destination mailbox(es): <RCPT1>,<RCPT2>,<RCPT3> >> Policy: Attachment Removal >> Attachment file name: accident.mpg - video/mpg >> Action: Replaced with text >> >> The email was stripped from its attachment, since it doesn't >> comply with <ISP>'s Email Policy as can be viewed by <ISP>'s >> employees.... >> >> ******************* End of message ********************* >> >> This is a serious security disclosure vulnerability, as all of the >> message's recipients, now have all >> the email addresses who were suppose to be kept secret. >> >> I wish to publish this vulnerability on Bugtraq, after providing >> you with sufficient time to correct the problem, based on your >> response, and our communication. >> >> Thank you >> >> Ishay Sommer >> >> >> -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPMe9j5C2KxGEE+dSEQIXfQCgtHMtxSf3qR0Ms8HiTrr79rQWHIIAoNr3 VC6BwNU5xhKRpJNJxYVapZJ0 =Yjzr -----END PGP SIGNATURE-----