David,
With 2.0.6.16, which is available from the Declude site, you can turn
off the Outlook CR Vulnerability. I have turned off all but a couple of
these because of numerous false positive issues.
As far as this message goes, it is almost definitely their antivirus
scanning product that munged the headers (X-AntiVirus: gadoyanvirus
0.3), but it could be something else that adds or rewrites headers.
They certainly look strange to me, and possibly not RCF compliant
outside of the CR issues.
Thunderbird definitely has no issues with this, nor does almost every
legitimate E-mail client out there, but people that script E-mail
generation (especially PHP stuff) or use obscure products seem to have
issues with this frequently enough that it is not worth the trouble. If
there was ever an exploit spreading actively in the wild, I would
rethink my position. I believe that Microsoft has long since patched
the flaw, though it can certainly cause parsing issues in virus scanners
that could lead to missing the payloads due to a message that was
improperly formatted.
Matt
David Dodell wrote:
Had email from a company today (Photodex) rejected due to the Outlook
'CR' Vulnerability but from the headers it looks like the email
originated from Thunderbird as the email client ... see headers below
...
Is it time to drop the Outlook vunerbility test??
David
Received: from eman.photodex.com <http://eman.photodex.com>
[64.132.190.157<http://64.132.190.157>]
by drdodell.com <http://drdodell.com>
(SMTPD32-8.05) id AB6E1D23028A; Thu, 11 Aug 2005 10:31:26 -0700
Received: (qmail 7712 invoked from network); 11 Aug 2005 17:31:26 -0000
X-AntiVirus: gadoyanvirus 0.3
Received: from unknown (HELO ?10.10.0.149?) (10.10.0.149<http://10.10.0.149>
) by eman.vpn.photodex.com <http://eman.vpn.photodex.com> with SMTP; 11 Aug
2005 17:31:26 -0000
Message-ID: <[EMAIL PROTECTED]>
X-Photodex-Original-Date: Thu, 11 Aug 2005 12:32:11 -0500
From: Photodex Corporation - Chris <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: Re: ProShow Gold Support Request
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 11 Aug 2005 12:31:26 -0500 David,
X-Declude-Sender: [EMAIL PROTECTED] [64.132.190.157<http://64.132.190.157>
]X-Spam-Tests-Failed: None [0]
X-Country-Chain:
X-Note: This E-mail was sent from ([64.132.190.157 <http://64.132.190.157>
]).
X-Hello:
X-Declude-Virus: Detected [ Outlook 'CR' Vulnerability].
-----
Internet Dental Forum www.internetdentalforum.net
Dentalcast Podcast www.dentalcast.net
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
