U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

A year ago, KrebsOnSecurity warned that "Informed Delivery," a new offering from the U.S. Postal Service USPS that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and ma...

USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online

In October 2017, KrebsOnSecurity warned that ne'er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could...

Clam AntiVirus: Denial of service

Background Clam AntiVirus is an open source GPL anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description A heap-based buffer overflow exists in the cliscanpe function in libclamav/pe.c in ClamAV. Impact A remote attacker could possibly cause a Denial of...

E-Mail Security Virtual Appliance (ESVA) - Remote Execution

Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: ; while$cmd ! "exit" $content = ""; $ua = LWP::UserAgent-new;...

MDVA-2009:018 : clamav

This update fixes several issues with clamav: - update unexpectely changes location of clamd socket 46459 - clamav-milter was not built 46555 - Clamav-milter wanted to remove postfix 46556 - Scanning mail with clamav leaves a big temporary folder 46642 - Build fails if invoked with --with milter,...

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Moritz Jodeit reported an off-by-one error within the getunicodename function in libclamav/vbaextract.c when processing VBA project files CVE-2008-5050. Ilja van...

ClamAV: Multiple vulnerabilities

Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description An integer overflow has been reported in the "cliscanpe" function in file libclamav/pe.c CVE-2008-0318. Another unspecified vulnerability has been reported in fil...

CVE-2002-1777

Symantec Norton AntiVirus (NAV) 2002 is affected. The issue lets an attacker bypass e-mail scanning by placing an allowed filename in the Content-Type header with an excluded extension (e.g., .nch, .dbx) while using a malicious extension in the Content-Disposition header (used by Outlook to obtai...

CVE-2002-1774

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is...

CVE-2002-1774

Symantec Norton Antivirus 2002 is affected. The issue allows remote attackers to bypass e-mail scanning by sending a virus with a NULL character in the MIME header before the virus. Vendor disputes the initial scan bypass but notes AutoProtect may detect the virus before execution. There is no pu...

Unchecked buffer in PC-cillin

---------------------------------------------------------------------------- - Texonet Security Advisory 20021210 ---------------------------------------------------------------------------- - Advisory ID : TEXONET-20021210 Authors : Joel Soderberg and Christer Oberg [email protected] Issue...

Trend Micro PC-cillin 200020022003 - Mail Scanner Buffer Overflow

Trend Micro PC-cillin 200020022003 - Mail Scanner Buffer Overflow source: https://www.securityfocus.com/bid/6350/info A buffer overflow vulnerability has been reported for PC-cillin's mail scanning utility. An attacker can exploit this vulnerability by connecting to a vulnerable pop3trap.exe...