KB Article #180819
Addressing EFAIL - S/MIME Cipher Block Chaining (CBC) malleability-gadget attack
Problem
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plain-text exfiltration, aka EFAIL (CVE-2017-17688, CVE-2017-17689).
MailGate's end-user interface can be susceptible to this attack if HTML Message Format Viewing is enabled.
Resolution
Disabling HTML viewing will mitigate this issue. To disable the setting globally, please open the admin UI and navigate to Administration > Secure Collaboration, then uncheck the "Enable HTML Message Format Viewing" setting and press the "Save" button to commit the changes.
