Title: Clearswift MIMEsweeper For SMTP Encrypted Email Scanner Bypass Vulnerability
Severity: HIGH
Description:
A vulnerability has been reported in Clearswift MIMEsweeper that may result in malicious emails bypassing the scanner. This is due to an issue in classifying encrypted emails, such as emails containing password-protected archives, causing them to be marked as "clean" instead of being properly flagged as "encrypted".
The consequence of this vulnerability is that emails containing potentially malicious content may bypass the email scanner and reach end users. A victim end user may then assume that the content is safe and take further action, such as opening a malicious file attachment, though this requires the end user to decrypt the content by entering the correct password (which could be sent in the message accompanying the malicious password-protected attachment).
This issue affects users who have upgraded to MIMEsweeper for SMTP 5.0 from MAILsweeper Business Suite I, MAILsweeper Business Suite II, or MAILsweeper for SMTP version 4.3. Fresh installs of MIMEsweeper for SMTP 5.0 are not affected.
Affected Products:
- Clearswift MIMEsweeper for SMTP 5.0.0
References:
- Clearswift: Readme for MIMEsweeper for SMTP 5.0.5
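The classification the description turns on, shown as an added example (not Clearswift code and not part of the advisory): an independent check that reports a ZIP attachment as "encrypted" when any member has the ZIP encryption flag set, so it can never fall through to a "clean" verdict. The function names, verdict labels and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose flag bit 0: member is encrypted


def classify_zip(data: bytes) -> str:
    """Return 'encrypted', 'scannable' or 'unreadable' for a ZIP blob."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()  # reads the central directory only
    except zipfile.BadZipFile:
        return "unreadable"
    # One encrypted member is enough: the scanner cannot inspect it, so the
    # message must never be given a "clean" verdict.
    if any(m.flag_bits & ENCRYPTED_FLAG for m in members):
        return "encrypted"
    return "scannable"


def classify_message(raw: bytes) -> dict:
    """Map each attachment filename to its classification."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        verdicts[name] = classify_zip(data) if data.startswith(b"PK") else "not-zip"
    return verdicts


def sample_message(encrypted: bool) -> bytes:
    """Constructed sample: a mail carrying a one-file ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # Constructed: set flag bit 0 in the local header (offset 6) and central
        # directory entry (offset 8); the payload itself is left unencrypted.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            blob[blob.find(sig) + off] |= ENCRYPTED_FLAG
    msg = EmailMessage()
    msg.set_content("Body text of the constructed sample.")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()
```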