[原文]Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set.
MAILsweeper for SMTP/Exchange Invalid Character Set Scan Bypass
Remote / Network Access
Attack Type Unknown
Loss of Integrity
MAILsweeper for SMTP/Exchange contains a flaw that may allow a malicious user to bypass text analysis. The issue is triggered when handling of messages that specify a non-existent character set. It is possible that the flaw may allow filter bypassing resulting in a loss of integrity.
Upgrade to version 4.3.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.