On Thursday 24 January 2002 17:06, Bob Tanner wrote:
> Vulnerability found on port www (80/tcp)
>
> The 'windmail.exe' cgi is installed.
>
>
> Yet, doing a find for "*windmail*" on all drives comes up blank.
>
> So, is this a false positive? hidden file? something inside IIS?

Not being familiar with what windmail is, I did the obligatory Google search. It found a BugTraq document from March 2000 that talked about NOT putting windmail.exe in the cgi-bin directory but providing access to it in its "normal" location to CGIs. I wonder if MS, in their goal to make IIS stand for the "Idiot's Internet Server", added a helper script to access windmail without any additional muss or fuss.

Might want to check the IIS configuration console for what programs are defined as available to run (or something like that.) The configuration might just know that windmail.exe is "allowed" to run and that might be setting off the alarm without the concern for windmail being loaded.

A shot in the inky black darkness...

--
Jack Ungerleider
jack at jacku.com