Hi, "Test1" (attached SMD file) is a message with a subject but without a body. It is held by Declude Virus with the "Non Standard Header" vulnerability.
However, the SAME message "Test2" WITH a body is let through (see bottom of this posting). The header appears the same - so if the header truly was "non standard", BOTH messages should have been held. The only difference is the lack of a message BODY.

1) Imail Log of "Test 1"

12:21 19:31 SMTPD(5ad901aa000099dd) [71.162.228.88] EHLO sony.home
12:21 19:31 SMTPD(5ad901aa000099dd) Authenticated [EMAIL PROTECTED], session treated as local.
12:21 19:31 SMTPD(5ad901aa000099dd) [71.162.228.88] MAIL FROM:<[EMAIL PROTECTED]>
12:21 19:31 SMTPD(5ad901aa000099dd) [71.162.228.88] RCPT TO:<[EMAIL PROTECTED]>
12:21 19:31 SMTPD(5ad901aa000099dd) [71.162.228.88] D:\IMail\spool\D5ad901aa000099dd.SMD 563

2) Declude Log of "Test 1"

12/21/2007 19:31:25.987 q5ad901aa000099dd.smd Vulnerability flags = 1
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd Non Standard Header Vulnerability
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd Scanned: CONTAINS A VIRUS [MIME: 1 4]
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 71.162.228.88]
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd Subject: TEST 1
12/21/2007 19:31:43.893 q5ad901aa000099dd.smd LAST ACTION: Moving file to virus hold directory: D:\IMAIL\spool\virus

3) "Test 2" message (with a body) passes Declude

12/21/2007 19:31:43.721 q5ada01aa000099df.smd Skipping E-mail from authenticated user [EMAIL PROTECTED]; whitelisted.

Received: from sony.home [71.162.228.88] by Mail.Webhost.HM-Software.com with ESMTP (SMTPD-9.23) id AADA081C; Fri, 21 Dec 2007 19:31:22 -0500
To: RBL <[EMAIL PROTECTED]>
Subject: TEST 2
Reply-To: [EMAIL PROTECTED]
From: RBL <[EMAIL PROTECTED]>
Organization: RBLevin.net, 484-321-1133, 484-997-1300
Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date: Fri, 21 Dec 2007 19:31:07 -0500
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Opera Mail/9.25 (Win32)
X-Declude: Version 4.3.64; Code 0x0 from pool-71-162-228-88.phlapa.fios.verizon.net [71.162.228.88]
X-Declude: Triggered [0] Whitelisted
Return-path: <[EMAIL PROTECTED]>
X-RCPT-TO: <[EMAIL PROTECTED]>
X-UIDL: 478726316
X-IMail-ThreadID: 5ada01aa000099df
D5ad901aa000099dd.smd
Description: Binary data
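
An added example, not part of the original post and not Declude's own code: a small Python triage of the Declude log lines quoted above that groups them by spool file and records whether each message was scanned, skipped, or held. The function names and the matching on these particular log phrases are assumptions based only on the lines shown in this post.

```python
import re
from collections import defaultdict

# Declude log lines copied from the post above (addresses were already redacted there).
LOG = r"""
12/21/2007 19:31:25.987 q5ad901aa000099dd.smd Vulnerability flags = 1
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd Non Standard Header Vulnerability
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd Scanned: CONTAINS A VIRUS [MIME: 1 4]
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 71.162.228.88]
12/21/2007 19:31:36.612 q5ad901aa000099dd.smd Subject: TEST 1
12/21/2007 19:31:43.893 q5ad901aa000099dd.smd LAST ACTION: Moving file to virus hold directory: D:\IMAIL\spool\virus
12/21/2007 19:31:43.721 q5ada01aa000099df.smd Skipping E-mail from authenticated user [EMAIL PROTECTED]; whitelisted.
"""

# "<date> <time> <spool file> <message text>", as seen in the lines above.
LINE = re.compile(r"^(\S+ \S+) (q[0-9a-f]+\.smd) (.*)$")

def triage(log_text):
    """Group log lines by spool file and classify what happened to each message."""
    msgs = defaultdict(lambda: {"scanned": False, "skipped": False,
                                "held": False, "findings": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        _, spool, text = m.groups()
        rec = msgs[spool]
        if text.startswith("Scanned:"):
            rec["scanned"] = True
        elif text.startswith("Skipping E-mail"):
            rec["skipped"] = True          # whitelisted: no scan result logged
        elif text.endswith("Vulnerability"):
            rec["findings"].append(text)   # named vulnerability test that fired
        elif text.startswith("LAST ACTION: Moving file to virus hold"):
            rec["held"] = True
    return dict(msgs)

def comparable(a, b):
    """Two outcomes exercise the same test only if both messages were scanned."""
    return a["scanned"] and b["scanned"]

if __name__ == "__main__":
    for spool, rec in triage(LOG).items():
        print(spool, rec)
```
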