I am running 4.0.9.4.
I will also not upgrade to a newer version due to unacceptable
licensing enforcement issues.
Thanks,
Matt
Darrell ([EMAIL PROTECTED]) wrote:
What version are you running, Matt? In version 3.0.5.20 they fixed an
ms-tnef issue with winmail.dat. This might be the issue you are seeing.
Darrell
------------------------------------------------------------------------
Check out http://www.invariantsystems.com
for utilities for Declude And Imail. IMail/Declude Overflow Queue
Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
----- Original Message -----
Sent: Tuesday, July 18, 2006 7:48 PM
Subject: [Declude.Virus] Invalid file types triggering on an invalid file type
I found a message blocked for an "Invalid ZIP Vulnerability", but it
doesn't have a zip attachment. The only attachment on this message is
a winmail.dat. While that winmail.dat file clearly contains data of
some sort, I am pretty certain that it is triggering vulnerabilities
inappropriately, and I am positive that this message was not a virus.
My Declude Virus logs are showing both the Invalid ZIP Vulnerability
and a bogus .jpg file. I would like to turn this detection off. Is
there a switch to turn off this detection?
Detail follows:
HEADERS FROM THE SINGLE ATTACHMENT
=================================================================
------=_NextPart_000_0056_01C6A9CF.4BDDA860
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"
VIRUS LOG ENTRIES
=================================================================
07/17/2006 06:32:40.488 q674000a20000e465.smd Vulnerability flags = 862
07/17/2006 06:32:40.566 q674000a20000e465.smd MIME file: winmail.dat [base64; Length=2312012 Checksum=33270092]
07/17/2006 06:32:40.800 q674000a20000e465.smd Virus scanner 1 reports exit code of 0
07/17/2006 06:32:41.253 q674000a20000e465.smd Virus scanner 2 reports exit code of 0
07/17/2006 06:32:41.253 q674000a20000e465.smd Found a bogus .jpg file
07/17/2006 06:32:41.253 q674000a20000e465.smd Invalid ZIP Vulnerability
07/17/2006 06:32:41.253 q674000a20000e465.smd Found a bogus .Zip file
07/17/2006 06:32:41.253 q674000a20000e465.smd File(s) are INFECTED [[Invalid ZIP Vulnerability]: 0]
07/17/2006 06:32:41.253 q674000a20000e465.smd Scanned: CONTAINS A VIRUS [MIME: 7 2314810]
07/17/2006 06:32:41.269 q674000a20000e465.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from ##.##.48.210]
07/17/2006 06:32:41.269 q674000a20000e465.smd Subject: FW: M341092022 / M341092023
Thanks,
Matt
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
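
Added example, not part of the original thread and not Declude's own code: a small triage script that groups Declude Virus log entries by spool file and lists messages where a file-type finding (bogus .jpg, Invalid ZIP) matches no attachment extension and the only attachment is winmail.dat, as in the log quoted above. The function names and the second spool id (`q0000constructed1.smd`) with its lines are constructed for contrast; the first four lines are taken from the thread with wrapped lines joined.

```python
import re
from collections import defaultdict

# First four lines: from the thread's log (wrapped lines joined).
# Lines for q0000constructed1.smd are constructed, assuming the same format.
SAMPLE_LOG = """\
07/17/2006 06:32:40.566 q674000a20000e465.smd MIME file: winmail.dat [base64; Length=2312012 Checksum=33270092]
07/17/2006 06:32:41.253 q674000a20000e465.smd Found a bogus .jpg file
07/17/2006 06:32:41.253 q674000a20000e465.smd Invalid ZIP Vulnerability
07/17/2006 06:32:41.253 q674000a20000e465.smd Found a bogus .Zip file
07/17/2006 06:32:41.300 q0000constructed1.smd MIME file: report.zip [base64; Length=1024 Checksum=1]
07/17/2006 06:32:41.400 q0000constructed1.smd Invalid ZIP Vulnerability
"""

LINE = re.compile(r"^(\d\d/\d\d/\d{4}) (\d\d:\d\d:\d\d\.\d+) (\S+\.smd) (.*)$")
MIME = re.compile(r"^MIME file: (.+?) \[")
BOGUS = re.compile(r"^Found a bogus \.(\w+) file$")

def summarize(log_text):
    """Group entries by spool file: attachment names and flagged file types."""
    msgs = defaultdict(lambda: {"attachments": [], "flagged_types": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        spool, text = m.group(3), m.group(4)
        if (a := MIME.match(text)):
            msgs[spool]["attachments"].append(a.group(1).lower())
        elif (b := BOGUS.match(text)):
            msgs[spool]["flagged_types"].add(b.group(1).lower())
        elif text.startswith("Invalid ZIP Vulnerability"):
            msgs[spool]["flagged_types"].add("zip")
    return dict(msgs)

def suspect_false_positives(log_text):
    """Spool ids where a flagged type matches no attachment extension
    and the only attachment is a TNEF container (winmail.dat)."""
    out = {}
    for spool, info in summarize(log_text).items():
        exts = {n.rsplit(".", 1)[-1] for n in info["attachments"] if "." in n}
        unmatched = sorted(info["flagged_types"] - exts)
        if unmatched and info["attachments"] == ["winmail.dat"]:
            out[spool] = unmatched
    return out

if __name__ == "__main__":
    for spool, types in suspect_false_positives(SAMPLE_LOG).items():
        print(spool, "flagged for", types, "but only attachment is winmail.dat")
```

A hit only narrows down which blocked messages to review by hand; the file-type findings may come from files embedded in the TNEF container, so it does not by itself show the message is clean.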