I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test.
John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Goran Jovanovic > Sent: Thursday, June 03, 2004 12:37 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] What is "Partial Vulnerability" on a PDF > > > I guess it would be nice to say > > BANPARTIAL EXE > BANPARTIAL COM > BANPARTIAL VBS > > Etc > > I don't think a PDF can be infected but then again you never know so > maybe ..... > > In any case it is almost a damned if you do damned if you don't > > Thanx > > > Goran Jovanovic > The LAN Shoppe > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > > [EMAIL PROTECTED] On Behalf Of Matt > > Sent: Thursday, June 03, 2004 3:28 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.Virus] What is "Partial Vulnerability" on a PDF > > > > Goran, > > > > Outlook/Outlook Express allows a sender to split messages over a > certain > > size into multiple attachments. Messages of this type can bypass > virus > > scanning and therefore represent a vulnerability. I have however > > personally determined that because it is so easy to turn on, and > because > > I have yet to find any viruses that are currently exploiting this > flaw, > > that it is better to leave it off for now rather than comb over my > hold > > file looking for such messages and alerting those that are set up for > > this. Scott does provide a stitch for your Virus.cfg that can turn > this > > off with the following: > > > > BANPARTIAL OFF > > > > I don't feel that this is a "set it and forget it" type of setting, so > > use at your own risk, and keep your eyes and ears pealed for exploits > in > > the event that a virus does start exploiting the flaw. Thankfully the > > trickery has gone down since the arrested that German teenager :) > > > > Matt > > > > > > > > Goran Jovanovic wrote: > > > > >Declude Virus and F-Prot reported > > > > > >X-Declude-Virus: Detected [Partial Vulnerability]. > > > > > >This is an e-mail that has been cut into 5 part and it has a PDF > > >attached to it. > > > > > >------=_NextPart_000_0019_01C4494C.0AFFE0A0 > > >Content-Type: application/octet-stream; > > > name="Report.pdf" > > >Content-Transfer-Encoding: base64 > > >Content-Disposition: attachment; > > > filename="Report.pdf" > > > > > >We stopped the 5 e-mails but why would it have triggered on a PDF > file? > > > > > >Also how does the client out the PDF back together??? > > > > > >Thanx > > > > > > > > > Goran Jovanovic > > > The LAN Shoppe > > > > > >--- > > >[This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > > >--- > > >This E-mail came from the Declude.Virus mailing list. To > > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > >type "unsubscribe Declude.Virus". The archives can be found > > >at http://www.mail-archive.com. > > > > > > > > > > > > > > > > -- > > > ===================================================== > > MailPure custom filters for Declude JunkMail Pro. > > http://www.mailpure.com/software/ > > > ===================================================== > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
