Mailing List CGatePro@mail.stalker.com Message #97123
From: Wayne Gamble <rfecgate@rfe.net>
Subject: Re: CrossDomain.xml
Date: Fri, 23 Jan 2009 13:25:27 -0600
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.930.3)
I just went through this with support.  The CrossDomain.xml file is part of the CGate webmail binary and therefore cannot be edited or deleted. (It is only readable/downloadable when webmail is running.)

The only way we were able to pass the PCI security scan was to shut down all webmail on our server.

 - Wayne




On Jan 23, 2009, at 12:52 PM, Thomas Kishel wrote:

Hello,

We subscribe to a security auditing service (McAfee SECURE) that just reported this:

CrossDomain.xml File Has Allow-all Policy
Port: 443
Path: /crossdomain.xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>

A file search (via locate) of the filesystem is negative.

A string search (via grep /usr/sbin/CommuniGatePro) finds it in CGServer.

We are running 5.2.9, but I find no potential references in the Revision History.

Anyone already familiar with resolving this?

--

Tom Kishel
Dark Horse Comics, Inc.
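
A check for the scanner finding quoted above, as an added example that is not part of the original thread or of CommuniGate Pro: it parses a crossdomain.xml document and lists the over-broad grants. The function name `audit_policy` and the restricted sample policy are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Policy text as quoted in the scan report in the thread above.
REPORTED_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>"""

# Constructed sample: a policy restricted to a single named host.
RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="mail.example.com" secure="true" />
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of findings for one crossdomain.xml document."""
    # The stdlib parser does not fetch the external DTD named in DOCTYPE.
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return ["not a cross-domain-policy document"]
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "").strip()
        if domain == "*":
            findings.append("allow-all: content from any domain may read responses")
        elif domain.startswith("*."):
            findings.append("wildcard subdomain grant: " + domain)
        if rule.get("to-ports", "").strip() == "*":
            findings.append("to-ports=* on grant for " + domain)
        # secure defaults to true; false lets HTTP-served content read HTTPS data.
        if rule.get("secure", "true").strip().lower() == "false":
            findings.append("secure=false on grant for " + domain)
    for rule in root.iter("allow-http-request-headers-from"):
        if rule.get("domain", "").strip() == "*" and rule.get("headers", "").strip() == "*":
            findings.append("any domain may send any request header")
    return findings


if __name__ == "__main__":
    for name, text in (("reported", REPORTED_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit_policy(text) or "no findings")
```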


