Hello!
Just to keep correctness.
... and 3APA3A was not the only one who has discovered a high number of vulnerabilities.
In 2002 we have started the so-called "Malformed Mail Project". You can find more information about this project at this website (look for "Virus Bulletin" papers):
<http://www.av-test.org/sites/references_papers.php3?lang=en>
*** Malformed Email Project, Virus Bulletin 11/2002 <http://www.virusbtn.com/magazine/archives/200211/malformed.xml>
-> This paper includes a short description of the project we've started back in 04/2002. Mark Ackermans has created a testset which contains 370 different malformed mails which several anti-virus and content scanner products were not able to handle properly. (At the moment, we have more than 400 different ones in our testset, only about 10% of them are publicly known yet!)
NOTE: If you are a security company and do not have access to the testset yet, you can request a copy (at no charge). You can find more details in the article above (don't forget to read the NDA section included). Please use the mail addresses which are mentioned at <http://www.av-test.org> in the "About us" section only, do not reply to this address!
*** Malformed Email Project - Part 2, Virus Bulletin 02/2003 <http://www.av-test.org/sites/references_papers.php3?lang=en>
-> This paper includes the reactions (e.g. released updates and work-arounds) from the notified companies. An incomplete list can be found below (read the article for more details):
Amavis - A Mail Virus Scanner Astaro, Astaro Security Beginfinite, GWAVA for GroupWise Borderware, Mail Gateway/Mxtreme Firewall Cat Computer Systems, Quickheal Clearswift, Mimesweeper Command Software, Command AV Computer Associates, InoculateIT/eTrust AV Computerized Horizons, Declude Virus DataEnter, XWall Finjan, Surfin Gate Fortinet, Fortigate F-Secure, F-Secure Anti-Virus G Data, AntiVirenKit Gecad Software, Reliable AV GFI, MailSecurity/Mail essentials Gordano, Messaging Suite Grisoft, AVG Group Technologies, IQ Suite H+BEDV Datentechnik, AntiVir Mailgate IBM, Lotus Notes/Domino Ikarus Software, Virus Utilities Indefense, Maildefense Kaspersky Labs, Kaspersky AV Marshal Software, MailMarshal MessageLabs, SkyScan AV Microsoft, Exchange Server/ISA Server Microworld Technologies, eScan/Mailscan Mirapoint, Secure Messaging MKS, MKS_VIR Network Associates, Virusscan/Groupshield/Netshield etc. Norman, Virus Control Open Access, MailGate Panda Software, Panda AV Postini, Postini Softwin, Bitdefender Sonicwall, SonicWall Sophos, Mail Monitor Stalker, CommuniGate Pro Surfcontrol, Surfcontrol e-mail filter Sybari, Antigen Symantec, Norton AV/Symantec AV Trend Micro, InterScan/ScanMail etc. Vircom, VOP ModusGate/ModusMail VirusBuster, VirusBuster WatchGuard Technologies, WatchGuard Webwasher, Webwasher ZoneLabs, ZoneAlarm
cheers, Andreas Marx
-- AV-Test GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany Phone: +49 (0)391 6075466, <http://www.av-test.org>
