AV Engine - evasion by manipulating MIME attachment

Summary

An insufficient verification of data authenticity vulnerability [CWE-345] in the FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine by manipulating a MIME attachment with junk and pad characters in base64.
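For mail pipelines that want an independent check, the following added example (not Fortinet code and not part of the original advisory) flags base64 MIME parts whose undecoded body contains characters outside the base64 alphabet or pad characters anywhere other than the end. The function names, finding strings and sample message are assumptions made for illustration.

```python
import email
import re

JUNK = re.compile(r"[^A-Za-z0-9+/=]")  # anything outside the base64 alphabet and pad

def audit_base64_body(body: str) -> list[str]:
    """Findings for one undecoded base64 MIME body; an empty list means clean."""
    data = "".join(body.split())  # line breaks and spaces are normal in MIME
    findings = []
    junk = JUNK.findall(data)
    if junk:
        findings.append(f"non-alphabet characters: {len(junk)}")
    core = data.rstrip("=")
    if "=" in core:
        findings.append("pad character before end of data")
    if len(data) - len(core) > 2:
        findings.append("more than two trailing pad characters")
    return findings

def audit_message(raw: bytes) -> dict[str, list[str]]:
    """Map attachment name to findings for every base64 part that is not clean."""
    report = {}
    for i, part in enumerate(email.message_from_bytes(raw).walk()):
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if part.is_multipart() or cte != "base64":
            continue
        findings = audit_base64_body(part.get_payload())
        if findings:
            report[part.get_filename() or f"part-{i}"] = findings
    return report

# Constructed sample message: one clean base64 part, one with junk and pad
# characters added to the encoded body.
SAMPLE = (
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b'Content-Disposition: attachment; filename="clean.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"aGVsbG8gd29ybGQ=\r\n"
    b"--b1\r\n"
    b'Content-Disposition: attachment; filename="noisy.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"aGVs!bG8g=d29y*bGQ=\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for name, findings in audit_message(SAMPLE).items():
        print(name, findings)
```

A finding marks a part for closer inspection or quarantine; it does not replace the engine upgrade listed under Solutions.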

Affected Products

FortiOS running AV engine version 6.00168 and below.
FortiOS running AV engine version 6.00274 and below.

FortiMail running AV engine version 6.00168 and below.
FortiMail running AV engine version 6.00274 and below.

FortiClient running AV engine version 6.00168 and below.
FortiClient running AV engine version 6.00274 and below.

Solutions

Please upgrade AV engine to version 6.00169 or above.
Please upgrade AV engine to version 6.00275 or above.

Please upgrade to FortiMail version 7.2.0 or above.
Please upgrade to FortiMail version 7.0.3 or above.
Please upgrade to FortiMail version 6.4.7 or above.

Please upgrade to FortiOS version 7.0.8 or above.
Please upgrade to FortiOS version 7.2.2 or above.

Please upgrade FortiOS AV engine to version 6.00169 or above.
Please upgrade FortiOS AV engine to version 6.00275 or above.