Postby MDAFederal » Thu Feb 04, 2010 3:58 pm
As best I can tell they are awaiting word (definitively) that the EXPLOIT message is legit. They "supposedly" do not wish to waste time on a problem that they do not believe is theirs. As I may be able to commend this philosophy, all it is going to do is alienate the customers that they are try to woo away from Microsoft. I have been informed that McAfee is not used as part of their QA process, and since it is probably 20% or so market share, that would be a significant number of users that they are writing off right away. I am awaiting word from AVERT Labs on the test files that were sent to them so that we can definitively say it is or is not a Scalix issue. IMHO, changes made between AS 1.0.1 and 1.0.2 were not completely kosher with all players involved. No changes were made to McAfee. McAfee has deemed something that has been changed with the calendar in 1.0.2 as EXPLOITABLE. I personally would rather be safe than sorry. This is not a battle that Scalix should be fighting, in my opinion, and should look to find a fix to the code. I would venture to guess that Exchange and ActiveSync w/Exchange does not have this issue, because it has already been told about this as being EXPLOITABLE and has made this necessary fix years ago. If the competing product does not experience the same symptoms, then you are already losing the battle.