Mailing List CGatePro@mail.stalker.com Message #97126
From: Wayne Gamble <rfecgate@rfe.net>
Subject: Re: CrossDomain.xml
Date: Sat, 24 Jan 2009 07:15:15 -0600
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.930.3)
". . . his file can becustomized now in the Basic WebUser skin."

Outstanding!  Thanks for the quick fix.

 - Wayne


On Jan 24, 2009, at 12:55 AM, Technical Support wrote:

Hello,

Wayne Gamble wrote:
I just went through this with support.  The CrossDomain.xml file is part of the CGate webmail binary and therefore cannot be edited or deleted. (It is only readable/downloadable when webmail is running.)

In the 5.2.12 version of CGPro (just released) this file can becustomized now in the Basic WebUser skin.

The only way we were able to pass the PCI security scan was to shut down all webmail on our server.
- Wayne
On Jan 23, 2009, at 12:52 PM, Thomas Kishel wrote:
Hello,

We subscribe to a security auditing service (McAfee SECURE) that just reported this:

   CrossDomain.xml File Has Allow-all Policy
   Port: 443
   Path: /crossdomain.xml

   <?xml version="1.0"?>
   <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy>
   <allow-access-from domain="*" to-ports="*" />
   </cross-domain-policy>

A file search (via locate) of the filesystem is negative.

A string search (via grep /usr/sbin/CommuniGatePro) finds it in CGServer.

We are running 5.2.9, but I find no potential references in the Revision History.

Anyone already familiar with resolving this?

-- Tom Kishel
Dark Horse Comics, Inc.



#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

-- Best regards,
Dmitry Akindinov

= ======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your
reply.

#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster