Well my bad.. The one I thought I was referring to was: http://www.theregister.co.uk/content/56/34911.html Makes me wonder why the email server's software, imail, declude, and f-prot didn't catch it? I didn't click on anything.. The av scanned it and cleaned it. It went by pretty quick when it displayed the virus found info.. And I don't save the email once it's disinfected.
But in either case, Thanks Matt. ~Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, January 15, 2004 11:50 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] URLSpoof contained within an RTF Doc Rick, The error that you reported from Panda is described by Panda as follows: http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=4 3353&sind=0 "Exploit/URLSpoof is a vulnerability exploit. It is not categorized as a virus, worm or Trojan. To be more precise, it is code written in the HTML language, which is included in the body of a message or of a web page in order to exploit a vulnerability in the browser Internet Explorer." This particular "exploit" was discovered in late December and it consists of a URL encoded non-printing character in a link which can cause IE to not display the actual URL of the site after following the link. Here's the page of the site that explains it: http://www.zapthedingbat.com/security/ex01/vun1.htm I'd post an example, but I wouldn't want to trip Panda and cause you to not be able to see a legitimate message :) If you're using Declude JunkMail Pro v1.77i7+, you can generally protect your customers from such things with the following filters (as well as others of course): http://www.mailpure.com/software/decludefilters/zapthedingbat/ZapTheDingbat_ v2-1-0.zip http://www.mailpure.com/software/decludefilters/obfuscation/Obfuscation_v2-1 -0.zip I think what both I and Scott were suggesting was that antivirus programs should be used to protect computers from viruses and not to protect people from their own lack of judgment in clicking on obfuscated links, or prevent people like us from discussing such techniques. I hope that AV companies stay away from policing content and stick to programs and scripts. Your original post spoke about a RTF document with an error that corresponded directly to what is described above. I'm not sure where the stuff about mimail.b, zip files and trojans comes from or how it relates. Matt ___________________________________________________________________ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
