Date: Wed, 12 May 1999 09:52:59 -0500
From: Bob Duffett <Bob.Duffett@CCC.UAB.EDU>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: InoculateIT 4.53 Real-Time Exchange Scanner Flawed

Manufacturer:  Computer Associates
Product:  InoculateIT for Windows NT v4.53 Build 169, Agent for
Microsoft Exchange

This product has a major defect.
We have it running on our Exchange Server
with 1,300 mailboxes yet viruses keep spreading directly from email.  I
did some investigating tonight and found the problem.

It is ONLY scanning the Inbox folder tree.  This would sound simply like
a poor design but it is MUCH worse.

The Inbox Rules Wizard can store the user's rules on the Exchange Server
which will move a message to a specific folder without the message ever
being placed in a user's inbox.  This causes it to comletely by-pass the
InoculateIT Real-Time Scanner.

My CA rep confirmed the problem with CA support who had no work-around
available at this time.

Bob

University of Alabama at Birmingham
Cancer Center Technical Services Facility (CCTSF)
mailto:Bob.Duffett@ccc.uab.edu