Re: Possible Mail server compromise ?

Dear Bob,

I don't want to start a flame war, let's keep the information relevant
and on topic, as such I'd like
to comment on things relevant to the general public, everything else
is private mail. :) ok?

> It goes without saying that patching does not protect against zero day
> exploits.
:)

> I don't understand what you are saying.  I am assuming that the nruns.com
> product is scanning for viruses in email.
Hmm, I am not sure you (or I) got it right, but apparently they don't parse
the data. So basically if they don't parse it they are a lot less vulnerable
to remote attacks, agree?

> Thus, the data (the email)
> can be manipulated by the attacker.
See above, as I understand it, there is no parsing involved a part
from your normal FROM etc headers.
Attachments that normally contain the payloads (read lots of formats)
are usually

> "No-Parsing paradigma"?  Paradigma isn't even a word (according to
> www.merriam-webster.com).
You are referring to a typo instead of commenting on my concern,  lets
keep the mails relevant
for the general public, if your comment was sincere : you should
lookup "paradigm"

> Our product (and to various degrees others, such as raw ClamAV) also run
> in a "sealed" environment such as a separate UID, chroot'ed, etc.
I beg to differ, chroot is by no means a "sealed" environment. There
are lots of ways to break out of it...

> No, ClamAV would not be vulnerable to this ...
What I posted here was an exploit against Clamav
http://milw0rm.com/exploits/4761

Regards,
Faas.M.Mathiasen