I have been contacted by one of our users who had a message blocked by Declude Virus and was sent a warning about an Outlook vulnerability contained in the email. The problem is that it was a web server generated email message and not sent from an Outlook/Outlook Express client. I have included the warning with the message headers below.
The X-Mailer is indicated as "ColdFusion MX Application Server" and I have tried a Google search on this problem as well as a search through Macromedia's support site to see if they had such a vulnerability. Does anyone have a suggestion on how this could have occurred and how to prevent it again?

Richard Edge
System Administrator
Computing Services Department
TRINITY WESTERN UNIVERSITY
Voice: 604-513-2089
E-mail: [EMAIL PROTECTED]
WWW: http://www.ucs.twu.ca
FAQ: http://www.ucs.twu.ca/resources/faq.htm

----- Original Message -----
From: "Postmaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 26, 2003 12:21 PM
Subject: We blocked an e-mail sent to you!

> Delivery blocked: [EMAIL PROTECTED]
>
> The mail server for agape.twu.ca scans each e-mail for Viruses, SPAM
> (Junk Mail) and e-mail vulnerabilities.
>
> We caught an e-mail addressed to you that is formatted with [Outlook
> 'MIME segment in MIME Preamble' Vulnerability], and have quarantined it
> for your protection.
>
> If you recognize the below information as a valid e-mail that you want
> or should have received, please let us know. Otherwise, the e-mail will
> be deleted after 3 days.
>
> FROM: [EMAIL PROTECTED]
> TO: [EMAIL PROTECTED]
> SUBJECT: Password Notification
> Remote IP: 216.136.130.181
>
> DATE: 06/26/2003 @ 12:21:41
>
> SPOOL FILE: D47c44c7800c40fb6.SMD
>
> Headers of the e-mail in question:
>
> Received: from mta500.mail.yahoo.com [216.136.130.181] by agape.twu.ca
>     (SMTPD32-7.14) id A7C44C7800C4; Thu, 26 Jun 2003 12:21:40 -0700
> Received: from mta2-vm1.mail.yahoo.com for [EMAIL PROTECTED]; Jun 26 12:21:39 2003 -0700
> X-Rocket-Track: 1: 100
> X-Yahoo-Forwarded: from [EMAIL PROTECTED] to [EMAIL PROTECTED]
> Received: from 216.57.205.121 (EHLO wharf.piersystem.com) (216.57.205.121)
>     by mta2-vm1.mail.yahoo.com with SMTP; 26 Jun 2003 12:21:39 -0700 (PDT)
> Received: from wharf.piersystem.com (localhost [127.0.0.1])
>     by wharf.piersystem.com (8.11.6/8.11.6) with ESMTP id h5QJLcg13790
>     for <[EMAIL PROTECTED]>; Thu, 26 Jun 2003 12:21:39 -0700
> Message-ID: <[EMAIL PROTECTED]>
> Date: Thu, 26 Jun 2003 12:21:38 -0700 (PDT)
> From: PIER <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Password Notification
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary="----=05901FB5-E1F1-CAF2-C0620DD8017E80FE"
> X-Mailer: ColdFusion MX Application Server