Security Firm: Outlook Express Can Be Used To Bypass Email Filters
Beyond Security's SecurITeam says it has discovered a way to use Microsoft's Outlook Express to email malicious code that may not be detected by common filtering techniques, including virus scanners, content filters and firewalls.
The technique employs a rarely used Outlook Express feature called "message fragmentation and re-assembly" that allows users to split an SMTP-based mail message into multiple parts, the SecurITeam advisory says.
The feature is intended to enable users with lower-speed Internet connections, or with message size restrictions imposed by ISPs, to send large messages in multiple fragments. The recipient's email client reassembles the message, such that the recipient never knows it was fragmented.
Similarly, security tools won't know that the fragmented SMTP message is actually multiple parts of one whole. For example, if the sender ships out a virus in multiple parts, a virus scanner will fail to detect the virus signature, according to the SecurITeam.
The SecurITeam has assembled responses from a number of vendors detailing how or if their security products deal with the issue. The advisory can be found at: http://www.securiteam.com/securitynews/5YP0A0K8CM.html.
GFI, a UK-based vendor of email and security software, is providing a free test that administrators can run to determine whether their network is protected against the fragmentation attack. The test is available at: www.gfi.com/emailsecuritytest.
By Paul Desmond
September 12, 2002
Security startup Ingrian Networks adds support for IBM's Lotus iNotes Web Access to the lineup of security applications supported on its security appliance, enabling iNotes users to securely exchange email via the Web and store it after the fact.