Maybe if you were more clear about this being a 2.0.6.10 Beta enhancement???  Can I hear an Hallelujah!!!

I was in the middle of going through a month's worth of blocked vulnerabilities to extract Mail From's for building an ALLOWVULNERABILITIESFROM list, but choosing which ones to turn off would be much easier.  My list would at a minimum include the following three to exclude from being checked:
Outlook CR Vulnerability
Outlook Boundary Space Gap Vulnerability
Outlook MIME Segment in MIME Preamble Vulnerability
I have identified multiple false positives for each of these, especially the Outlook CR Vulnerability.  I will probably still complete my review just to be safe.  I'm not aware of any of these except for the HTML Object Data Vulnerability being associated with actual viruses (warning, I certainly could be wrong).  The HTML Object Data Vulnerability is tagged with both of my virus scanners so it may be somewhat redundant.

There has long been a switch for turning off the Partial Vulnerability and I have run with this turned off for some time due to false positives (you can trip this by checking a single box in Outlook, and some do).  That one is set with the following:
BANPARTIAL    OFF
And just another word of caution.  Although I am not aware of these vulnerabilities being exploited, and although I believe that some or maybe even all of them have been patched for some time, the choice to create these at the time was a good choice because you can't effectively design a virus scanner to do things like extract attachments hidden in headers that are only displayed as the result of error correction within Outlook clients.  So if such exploits do surface, and if they are successful, your Declude Virus config may very well not detect them.

If others are aware of any other common forms of false positives, please do share.  Here's the list from the site:
HTML Object Data Vulnerability
    ALLOWVULNERABILITY    OBJECTDATA

Outlook CR Vulnerability
    ALLOWVULNERABILITY    OLCR

Outlook Space Gap Vulnerability
    ALLOWVULNERABILITY    OLSPACEGAP

Outlook Blank Folding Vulnerability
    ALLOWVULNERABILITY    OLBLANKFOLDING

Outlook MIME Header Vulnerability
    ALLOWVULNERABILITY    OLMIMEHEADER

Outlook MIME Segment in MIME Preamble Vulnerability
    ALLOWVULNERABILITY    OLMIMESEGMIMEPRE

Outlook MIME Segment in MIME Postamble Vulnerability
    ALLOWVULNERABILITY    MIMESEGMIMEPOST

Outlook Long Boundary Vulnerability
    ALLOWVULNERABILITY    OLLONGBOUNDARY

Outlook Boundary Space Gap Vulnerability
    ALLOWVULNERABILITY    OLBOUNDARYSPACEGAP

Outlook Long File Name Vulnerability
    ALLOWVULNERABILITY    OLLONGFILENAME

Matt

Nick wrote:
Does anyone know or have a list of the vulnerabilities that are a 
real problem and should be blocked or conversely the vulnerabilities 
that are not a virus/worm threat?

Thanks!

-Nick


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.


  

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
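
Added example, not part of the original post and not Declude's detection logic: a Python sketch of two structural checks, assuming "Outlook CR" refers to a bare carriage return in the header block and "MIME Segment in MIME Preamble" refers to part-style headers placed before the first boundary. The function names, finding labels and sample messages are constructed for illustration; `parts_seen` shows that a standards-following parser never hands preamble content to a scanner as a part.

```python
import email
import re

BARE_CR = re.compile(rb"\r(?!\n)")  # CR not followed by LF
PART_HEADER = re.compile(r"^content-(type|disposition|transfer-encoding)\s*:", re.I | re.M)

def audit(raw):
    """Return structural anomalies found in one raw message (bytes)."""
    findings = []
    # The header block ends at the first empty line.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    if BARE_CR.search(head):
        findings.append("bare-cr-in-headers")
    msg = email.message_from_bytes(raw)
    # RFC 2046 preamble: text before the first boundary, ignored by MIME readers.
    if msg.is_multipart() and msg.preamble and PART_HEADER.search(msg.preamble):
        findings.append("mime-headers-in-preamble")
    return findings

def parts_seen(raw):
    """Content types of the leaf parts a standards-following parser exposes."""
    msg = email.message_from_bytes(raw)
    return [p.get_content_type() for p in msg.walk() if not p.is_multipart()]

# Constructed sample messages (not taken from real traffic).
_HDR = b'From: a@example.com\r\nMIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
_BODY = b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n--b1--\r\n"
CLEAN = _HDR + b"This is a multi-part message in MIME format.\r\n" + _BODY
PREAMBLE_MSG = _HDR + b'Content-Type: text/plain; name="note.txt"\r\n\r\nplaceholder\r\n' + _BODY
BARE_CR_MSG = b"From: a@example.com\r\nSubject: report\rX-Note: broken mailer\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("preamble", PREAMBLE_MSG), ("bare-cr", BARE_CR_MSG)]:
        print(name, audit(raw), parts_seen(raw))
```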