It is a recently discovered vulnerability that allows Outlook to see attachments that don't really exist, which means that if not caught as a vulnerability, viruses could get through. In the cases we have seen so far, the false positives are incorrectly constructed E-mails, where the E-mail doesn't even work as it was intended to (there is a stray MIME segment that wasn't formed correctly, so it won't be seen).I just installed the newest version of Declude and I am seeing this from my virus notification email:<snip> The attachment is [Outlook 'MIME segment in MIME Preamble' Vulnerability] What is the mime preamble vulnerability? (reader's digest version is fine)
MIME works by converting the body of an E-mail into a number of segments -- such as a text or HTML segment that you can view, and attachments. However, it also allows for a "preamble" and a "postamble", which allow information to appear before or after the MIME segments. Most mail clients do not display this information (which typical says "If you can read this, your mail client doesn't understand MIME").
An incorrectly formatted MIME E-mail may have a wrong "boundary string" in the first MIME segment, so where the person who created the E-mail *thinks* there is a MIME segment, it is really still the MIME preamble (which doesn't end until the first MIME segment begins). Outlook, however, may treat this as an actual MIME segment, and may be able to see a virus there. That's why it needs to be caught as a vulnerability.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
