>Can anyone tell me what the [Outlook 'CR' Vulnerability] is and where to >fine information on it to give to the customer. I am running f-prot 3.12 >as the scanner
The issue is that there is a header with an illegal character in it (a carriage return, rather than the carriage return + linefeed that indicates the end of a line). There is no valid reason to have such as character in the headers, and it violates RFC specs (and would be reason to fail the BADHEADERS test in Declude JunkMail, although that is not currently tested for). Having such a character in the headers causes a "fork" in processing the E-mail -- some programs (AV scanners or mail clients) will handle the headers correctly, others (Outlook) will not, and will process the E-mail very differently (with extra headers that don't really exist, without headers that do exist, and even creating non-existent attachments with very real viruses). As a result, having such a character bypasses security mechanisms. http://www.openoffice.nl/special_interest/outlookbug.html has more information on this issue. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
