https://cxsecurity.com/issue/WLB-2005090013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-195

SybariAntigen是一个多重扫描引擎解决方案，实现了在单一产品中集合了从探测到执行的八种不同的扫描引擎，针对当今的恶意代码攻击提供了更高级别的安全防护。SybariAntigen8.0SR2版没有正确过滤SMTP信息，使得远程攻击者得以绕过客户过滤规则，通过标题为”Antigen提交的附件”的信息发送任意文件类型的附件。

======================================================================
- Sybari Antigen for SMTP / Exchange Rule / Attachment Pass through -
======================================================================
1) Affected Software

Sybari Antigen v8.0 SR2 for Exchange/SMTP

Other versions may also be affected.

======================================================================
2) Description of Vulnerability

A vulnerability has been discovered in Antigen for Exchange/SMTP, which
could potentially be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused by the way Antigen processes its rules in
handling SMTP messages. A message, containing the Subject line of: 
"Antigen forwarded attachment" can be exploited to cause Antigen to
ignore custom filters allowing unwanted file attachments into the email
system. This vulnerability does not disable or bypass virus scanning of
attachments.

Successful exploitation may allow an unwanted file type to be delivered
into a user's email inbox.

======================================================================
3) Solution

Update to the latest version via online update.
(Antigen v8.0 sr3 for Exchange/SMTP Version 8.00.1517 SR3).

======================================================================
4) Credits

Reported by Alan G. Monaghan, Gardner Publications, Inc. on Thursday,
September 01, 2005

来源:XF
名称:antigen-subject-bypass-security(22327)
链接:http://xforce.iss.net/xforce/xfdb/22327
来源:BID
名称:14875
链接:http://www.securityfocus.com/bid/14875
来源:SECUNIA
名称:16759
链接:http://secunia.com/advisories/16759/
来源:BUGTRAQ
名称:20050919Antigen8.0forExchange/SMTPRuleVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112714679622107&w;=2
来源:SECTRACK
名称:1014934
链接:http://securitytracker.com/id?1014934
来源:SREASON
名称:15
链接:http://securityreason.com/securityalert/15