Marc,

2.0.6.16 is as solid as any release that I have seen, and I can't see how you would have any issues with upgrading to it, nor are there any changes that must be made.  The only caveat here is that you will have issues on any version of IMail later than 8.15HF2.  2.0.6.16 fixes issues present in 1.82, adds new functionality such as this vulnerability stuff, and does not introduce any new bugs that I am aware of.

I don't want to dismiss the latest 3.x release since others are happy with it, but since I run IMail 8.15HF2, there is little in that release that enhances my immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump.

Matt



Marc Catuogno wrote:

So since I am running 1.82 I can either allow all vulnerabilities or not…

I have been putting off upgrading till IMAIL and Declude are all at nice stable releases…

Any input on what the latest/best working combo  is?

 

Crap. 

 

Thank you!

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Monday, January 30, 2006 5:44 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Blank folding vulnerablity help

 

ALLOWVULNERABILITIESFROM came in 2.0.  They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher.  I think it came along somewhere after 2.0.6.0

Matt



Marc Catuogno wrote:

Matt thank you – What version of Declude is needed for these “allows”?

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Monday, January 30, 2006 5:09 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Blank folding vulnerablity help

 

Marc,

It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it.

You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced).

ALLOWVULNERABILITY    OLBLANKFOLDING

I would actually suggest turning off all of the following:

ALLOWVULNERABILITY    OLCR
ALLOWVULNERABILITY    OLSPACEGAP
ALLOWVULNERABILITY    OLMIMESEGMIMEPRE
ALLOWVULNERABILITY    OLMIMESEGMIMEPOST
ALLOWVULNERABILITY    OLLONGFILENAME
ALLOWVULNERABILITY    OLBLANKFOLDING
ALLOWVULNERABILITY    OBJECTDATA
ALLOWVULNERABILITY    OLBOUNDARYSPACEGAP


If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg:

ALLOWVULNERABILITIESFROM   [EMAIL PROTECTED]

Matt



Marc Catuogno wrote:

Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test.  What can I tell this person they should do to not have this e-mail get caught?  I don’t want to allow vulnerabilities through but….

 

01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00439 [base64; Length=1361 Checksum=169802]

01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00442 [base64; Length=101 Checksum=14316]

01/20/2006 07:25:45 Qd6c809e500d45890 File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0]

Reply via email to