• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Trend Micro InterScan VirusWall Space Gap Scan Bypass Vulnerability

A vulnerability has been reported in certain VirusWall versions. Reportedly, it is possible to bypass the scanning mechanism of VirusWall by adding extraneous spaces in certain email HTTP header fields.

A malicious email server may add extraneous whitespace in certain email headers. This would cause VirusWall to ignore the malicious email and not scan it. However, many popular email client programs, including Outlook, will ignore this header and display the content regardless. This may allow malicious content to bypass VirusWall and still be interpreted by a client system.