Re: [Declude.Virus] Blank folding vulnerablity help

[Matt]

Marc, I'm using SmarterMail for hosted E-mail and 2.6 isn't quite where I would like to see it.  I'm not sure what the new version will offer that 2.6 doesn't, but there will certainly be refinements for Declude such as support for WHITELIST AUTH and their port 587 support will enable us to lock it down to AUTH-only connections.  On the other hand, some of the things that bother me somewhat are the proprietary format of the user's mail box files (there is a mix of binary and ASCII data and they can't be hand-edited).  They also don't have tools available such as IMail's ExtractUsers.exe which outputs a file with all user information and their passwords.  I also have some gripes about not being able to disable things like catch-all functionality and vacation messages, and I think that some of their default settings could be better thought out such as needing to check a box when entering a forwarding address or it will leave a copy of the messages on the server.  On the flip side it does have some features that are nicer than IMail 8.15 such as a better Web interface and better performance.  The interface is why I switched, but I still use IMail with Declude for doing all of my scanning. As far as IMail 2006 goes, I think they are doing a good job of listening, but naturally with such a big change to their Web interface one should wait a little bit for things to become fully vetted and stable.  I think they are working fast to address all known issues.  I also like the idea that IMail has opted for a very open Webmail implementation so that one can do a lot of tweaking to the Interface.  I still haven't tried their Webmail, but if things turn out good, I might actually switch back from SmarterMail because for me it would be better to have just one platform to support, and I desire IMail's straightforward mailbox format and flexibility in tweaking Webmail.  The way that SmarterMail works by showing messages on a totally different screen than the list of messages makes it impractical for doing spam review in capture accounts (unless you want to click back for every message).  Maybe they will change to a framed format in 3.0, but until they do, I have no choice but to keep IMail. I'm sure that clears a lot of things up :) Matt Marc Catuogno wrote: Matt – thanks again.  I can’t get a download off of the declude page other than the latest version and hot fixes for 1.76-1.82 no 2. versions at all…   I may venture into the 3’s but I am still running IMAIL 8.15 – I’ve been too scared to upgrade either product lately, sad really.  I used to wait about a week before jumping on an upgrade…   Keep hoping smarter mail will pan out, most of my users are on webmail and I hear that it is abysmal on IMAIL 2006 –   Sorry for the rant, but I hate I far behind I feel…     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 9:10 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help   Marc, 2.0.6.16 is as solid as any release that I have seen, and I can't see how you would have any issues with upgrading to it, nor are there any changes that must be made.  The only caveat here is that you will have issues on any version of IMail later than 8.15HF2.  2.0.6.16 fixes issues present in 1.82, adds new functionality such as this vulnerability stuff, and does not introduce any new bugs that I am aware of. I don't want to dismiss the latest 3.x release since others are happy with it, but since I run IMail 8.15HF2, there is little in that release that enhances my immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump. Matt Marc Catuogno wrote: So since I am running 1.82 I can either allow all vulnerabilities or not… I have been putting off upgrading till IMAIL and Declude are all at nice stable releases… Any input on what the latest/best working combo  is?   Crap.    Thank you!   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help   ALLOWVULNERABILITIESFROM came in 2.0.  They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher.  I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you – What version of Declude is needed for these “allows”?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help   Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY    OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY    OLCR ALLOWVULNERABILITY    OLSPACEGAP ALLOWVULNERABILITY    OLMIMESEGMIMEPRE ALLOWVULNERABILITY    OLMIMESEGMIMEPOST ALLOWVULNERABILITY    OLLONGFILENAME ALLOWVULNERABILITY    OLBLANKFOLDING ALLOWVULNERABILITY    OBJECTDATA ALLOWVULNERABILITY    OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM   [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test.  What can I tell this person they should do to not have this e-mail get caught?  I don’t want to allow vulnerabilities through but….   01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00439 [base64; Length=1361 Checksum=169802] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00442 [base64; Length=101 Checksum=14316] 01/20/2006 07:25:45 Qd6c809e500d45890 File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0]