COMMAND
MAILsweeper
SYSTEMS AFFECTED
Content Technologies' MAILsweeper for SMTP
PROBLEM
Raj Wurttemberg discovered a denial of service (DoS) in Content
Technologies' MAILsweeper for SMTP product. He noticed that no
mail was leaving the MAILsweeper SMTP gateway, so he checked the
queues and found over 10,000 e-mails queued up. He tried to stop
the MIMEsweeper service, but it wouldn't stop. He set the
MAILsweeper service startup to manual and rebooted the machine.
When the computer came back up, he copied off the offending
message pair and started the service back up again. About 10
minutes later he saw that both CPUs were maxed out and no more
mail was flowing. He repeated the process above and noticed that
the offending file was the same length as the first one. He
compared the two and discovered that, although they were slightly
different e-mails, they had the same attachments.
At this point Raj called Content Technologies and sent them a
compressed version of the DoS message via a Linux box. As soon as
it hit *their* MAILsweeper 4.1.x server, it promptly hung one of
the message processing threads.
The Zip file containing the message pair to hang MAILsweeper is
available at:
http://www.starbase-01.com/misc/lockmsw.zip
At this point ANY Content Technologies MAILsweeper for SMTP could
be taken out of service with the "lockmsw.zip" file above.
SOLUTION
Testing has shown that MAILsweeper for SMTP 4.1_6 / 4.1_7 / 4.1_9
processes this message without difficulty and quarantines it
because one of the message components is corrupt.