CA Inoculate IT for Exchange Can Be Bypassed

 Reported November 15, 2000 by Hugo Caye

DESCRIPTION

It is possible to cause the AntiVirus Agent to fail when two separate Microsoft Exchange servers, both running Computer Associates Inoculate for Exchange communicate via the Microsoft Internet Mail Connector (IMC).  There are multiple ways to accomplish this.

First, if a message with an infected attachment is sent and the message only contains the attachment (no message body text), Inoculate will not detect the virus.

Second, Inoculate for Exchange does not work with embedded messages.  If one was to attach an infected email to an email, Inoculate does not open the attached message to check for virus'.

The third issue is a configuration one.  If a server based MS Exchange rule to automatically move messages to any other folder than the Inbox exists, Inoculate will not scan the messages for virus'.

The final issue involves telneting to port 25 (SMTP) and modifying certain SMTP headers.  For some reason, Inoculate will not detect a virus sent via an email with modified SMTP headers.

VENDOR RESPONSE

The vendor has been notified but no patch has be released. 

CREDIT
Discovered by Hugo Caye.