44CHAPTER 3: CONFIGURING MAIL SECURITY

Malformed Email

Many viruses try to elude virus scanners by concealing themselves in

 

malformed messages. The scanning engines cannot detect the

 

attachment and pass the complete message through to an internal

 

server.

 

Some mail clients try to rebuild malformed messages and may rebuild or

 

activate a virus-infected attachment. Other types of malformed messages

 

are designed to attack mail servers directly. These types of messages are

 

often used in denial-of-service (DoS) attacks.

 

The 3Com Email Firewall analyzes each message with very extensive

 

integrity checks. Malformed messages are quarantined if they cannot be

 

processed.

 

Select Mail Delivery -> Malformed Email from the menu to configure

 

malformed email checks.

Enable malformed scanning — Select this option to enable scanning for malformed emails.

Enable NULL Character Detect — Select this option to enable null character detection. Any messages with null characters in them (a byte value of 0) will be considered a malformed message.

Page 44
Image 44
HP Email Firewall Appliance manual Malformed Email