SMTP: MIME Tools Virus Evasion Detection
This signature detects attempts to evade antivirus tools such as MIME Tools, a Linux-based email MIME scanner. The MIME RFC allows for an empty boundary, but most all mail clients use one, while many viruses will not.
Extended Description
MIMEDefang is reported prone to multiple remote vulnerabilities. The cause and impact of these issues is currently unknown. It is conjectured that these issues are caused by insufficient sanitization of user-supplied data and may exist in 'mimedefang.pl.in' and 'mimedefang.c' files. MIMEDefang 2.47 and prior versions are affected by these vulnerabilities. This BID will be updated as more information becomes available.
Affected Products
Roaring_penguin_software mimedefang
References
BugTraq: 11563
CVE: CVE-2004-1098
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
Short Name
SMTP:EXPLOIT:MIME-TOOLS-EVADE
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2004-1098 Detection Evasion MIME Tools Virus bid:11563
Release Date
11/17/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Mandriva
Roaring_penguin_software
Suse
CVSS Score
7.5