This looks like a clear explanation to me:

18.3 Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when
there is a line in the headers with just a single space or a single tab
character. Outlook can treat this as the end of the headers, allowing it to
see a virus that is embedded in the headers. RFC822 3.2.3 says that it is
not valid to have such lines, nor is there any legitimate reason for an
E-mail to contain a blank line in the headers with a single space or tab
(note that it is OK to have a line with a single space or tab in the E-mail
body, just not the headers). 
 


John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of David Maynard
> Sent: Friday, September 24, 2004 5:17 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [Declude.Virus] Paypal and "Outlook 'Blank Folding' Vulnerability"
> 
> While the PayPal messages apparently aren't properly formatted via the
> RFC's, they clearly aren't "vulnerabilities."  I have always considered this
> one of Declude's most questionable "features."  For marketing purposes, this
> is touted as something that Declude stops while other programs don't.  It
> isn't well explained and would lead people to believe that anything it traps
> is something nasty.  The truth is that most things it traps are legitimate
> emails that are the product of badly-coded email programs.  A more accurate
> method of detecting *real* exploits of the blank folding problem would
> certainly be very appreciated.
> 
> -----Original Message-----
> From: R. Scott Perry [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 24, 2004 12:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Paypal and "Outlook 'Blank Folding'
> Vulnerability"
> 
> 
> 
> >That's a good question...Scott?
> 
> We've tried unsuccessfully to contact PayPal in the past, when they were
> sending out vulnerabilities.
> 
> However, if people send us samples, we can try to contact them again.
> 
>                                                     -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".    The archives can be found
> at http://www.mail-archive.com.

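
The header check described in section 18.3 quoted at the top of this message, as an added example that is not part of the original thread and is not Declude's code. The function name and sample messages are hypothetical and constructed; it flags any header line made up only of spaces or tabs (a slight generalization of the single space or tab case) and reports where it sits, without deciding whether the sender was hostile or just badly coded.

```python
import re

# Constructed sample messages (not taken from the thread).
FLAGGED = (b"From: sender@example.com\r\nSubject: test\r\n"
           b" \r\n"                          # header line holding one space
           b"X-Extra: still before the real blank line\r\n\r\nBody\r\n")
TAB_CASE = b"From: a@example.com\n\t\nSubject: x\n\nbody\n"
CLEAN = (b"From: sender@example.com\r\nSubject: a long subject\r\n"
         b" folded onto a second line\r\n"   # legitimate folding: has text
         b"\r\nBody\r\n \r\nmore body\r\n")  # lone space in the body is fine

_WS_ONLY = re.compile(rb"[ \t]+")


def find_blank_folding(raw: bytes) -> list:
    """Return one finding per whitespace-only line inside the header block."""
    findings = []
    # Accept CRLF or bare LF line endings.
    lines = re.split(rb"\r?\n", raw)
    for number, line in enumerate(lines, start=1):
        if line == b"":
            break  # first truly empty line: real end of headers, stop here
        if _WS_ONLY.fullmatch(line):
            if line == b" ":
                kind = "space"
            elif line == b"\t":
                kind = "tab"
            else:
                kind = "whitespace"
            # lines[number] is the line after the current one (0-based index).
            following = lines[number] if number < len(lines) else b""
            findings.append({
                "line": number,            # 1-based line number in the message
                "content": kind,
                "next_line": following.decode("latin-1"),
            })
    return findings


if __name__ == "__main__":
    for name, msg in (("FLAGGED", FLAGGED), ("TAB_CASE", TAB_CASE), ("CLEAN", CLEAN)):
        print(name, find_blank_folding(msg))
```

The `next_line` field shows what a client that stops at the whitespace-only line would treat as the start of the body, which is the part worth reviewing by hand.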
