Re: [Declude.Virus] Paypal and "Outlook 'Blank Folding' Vulnerability"

[Matt]

John, This is only a vulnerability because of a flaw that once existed in one E-mail client.  To the best of my knowledge, it has not been used to spread a virus in at least the last year, however this test has resulted in small numbers of legitimate E-mail being blocked on most systems. It seems that the reason for the all or nothing approach to vulnerabilities in the past was one that came from what Scott considered his better judgment and possibly where things fell in terms of priorities.  He has however recently stated that new management has sided with the belief that these settings should be customizable. I would have turned the vulnerability detection off by now except for the fact that more recently there has been good progress on malformed file detection that has been useful in blocking viruses (or at least stopping the banned extension bounce messages on our system).  I would prefer that when this is changed and control becomes more granular, that we get the ability to filter on these hits in JunkMail instead of just turning on and off each test.  That would allow me to review the messages under the same system as the spam, although segregated. Since the problem is currently small and the customer that suffers from the only reoccurring problem understands, I'm just simply patiently awaiting the time when this rises to the top of the list.  Better granularity is in fact a benefit to the application, Declude's business, and definitely ours.  I am generally smart enough to make my own decisions, or at least fully willing to take responsibility for them :) Matt John Tolmachoff (Lists) wrote: This looks like a clear explanation to me: 18.3 Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when there is a line in the headers with just a single space or a single tab character. Outlook can treat this as the end of the headers, allowing it to see a virus that is embedded in the headers. RFC822 3.2.3 says that it is not valid to have such lines, nor is there any legitimate reason for an E-mail to contain a blank line in the headers with a single space or tab (note that it is OK to have a line with a single space or tab in the E-mail body, just not the headers). John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Maynard Sent: Friday, September 24, 2004 5:17 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.Virus] Paypal and "Outlook 'Blank Folding' Vulnerabi lity" While the PayPal messages apparently aren't properly formatted via the RFC's, they clearly aren't "vulnerabilities." I have always considered this one of Declude's most questionable "features." For marketing purposes, this is touted as something that Declude stops while other programs don't. It isn't well explained and would lead people to believe that anything it traps is something nasty. The truth is that most things it traps are legitimate emails that are the product of badly-coded email programs. A more accurate method of detecting *real* exploits of the blank folding problem would certainly be very appreciated. -----Original Message----- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Friday, September 24, 2004 12:12 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Paypal and "Outlook 'Blank Folding' Vulnerability" That's a good question...Scott? We've tried unsuccessfully to contact PayPal in the past, when they were sending out vulnerabilities. However, if people send us samples, we can try to contact them again. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================