VULHUB ™

It is reported that MAILsweeper for SMTP does not filter malicious archives of various formats. The application does not detect malicious content or file names of archives contained in email. Some of the formats not detected by the application include 7ZIP, ACE, ARC, BH, BZIP2, HAP, HPK, IMG, PAK, RAR, and ZOO. Successful exploitation may allow malicious code to be executed on client systems. Exploitation can only occur if a user executes a malicious attachment and malicious files must also bypass any local anti virus software. MAILsweeper for SMTP versions prior to 4.3.15 are reported affected by this issue. This issue may be related to BID 8982 (Clearswift MAILsweeper for SMTP Zip Archive Filtering Bypass Vulnerability).

It is reported that MAILsweeper for SMTP does not filter malicious archives of various formats. The application does not detect malicious content or file names of archives contained in email. Some of the formats not detected by the application include 7ZIP, ACE, ARC, BH, BZIP2, HAP, HPK, IMG, PAK, RAR, and ZOO. Successful exploitation may allow malicious code to be executed on client systems. Exploitation can only occur if a user executes a malicious attachment and malicious files must also bypass any local anti virus software. MAILsweeper for SMTP versions prior to 4.3.15 are reported affected by this issue. This issue may be related to BID 8982 (Clearswift MAILsweeper for SMTP Zip Archive Filtering Bypass Vulnerability).