Ruben,
In your Virus.cfg file, add the following line:
ALLOWVULNERABILITY OLBLANKFOLDING
This will turn off this vulnerability detection. There have been no
viruses that I know of that have exploited this flaw, and it is quite
possible that this flaw no longer exists since it is around 5 years old
now. You might also want to consider turning off other vulnerability
detections due to the propensity of them hitting legitimate E-mail.
Here's a list:
BANPARTIAL OFF
ALLOWVULNERABILITY OLCR
ALLOWVULNERABILITY OLSPACEGAP
ALLOWVULNERABILITY OLMIMESEGMIMEPRE
ALLOWVULNERABILITY MIMESEGMIMEPOST
ALLOWVULNERABILITY OLLONGFILENAME
ALLOWVULNERABILITY OLBLANKFOLDING
ALLOWVULNERABILITY OBJECTDATA
ALLOWVULNERABILITY OLBOUNDARYSPACEGAP
ALLOWVULNERABILITY OLMIMEHEADER
ALLOWVULNERABILITY OLLONGBOUNDARY
Matt
Mon Mariola - Rubén wrote:
The program "incredimail" generates subjects, in certain cases, ended
with "0D 0A 09 0D 0A." These messages are captured by Declude virus
like "Outlook 'Blank Folding' Vulnerability". I want to send a letter
requesting to technical support solve this problem, but I really do
not see the point 3.2.3 in RFC 822 indicating that this is not allowed.
Thank you.
Ruben Marti.
Mon Mariola, S.L.
From Declude manual:
Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when
there is a line in the headers with just a single space or a single
tab character. Outlook can treat this as the end of the headers,
allowing it to see a virus that is embedded in the headers. RFC822
3.2.3 says that it is not valid to have such lines, nor is there any
legitimate reason for an E-mail to contain a blank line in the headers
with a single space or tab (note that it is OK to have a line with a
single space or tab in the E-mail body, just not the headers).
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
