Hi Ferrell,
I can assure you that the MIME segment in MIME Postamble Vulnerability is
triggering correctly.
This vulnerability occurs when it appears as though a MIME segment is occurring
after the end of the MIME body (specifically, a MIME segment with a boundary
other than the one specified appears in the MIME postamble). Outlook may see
this as an attachment. Although technically valid, there is no legitimate
reason for an E-mail to be sent like this. When a virus uses this type of
vulnerability, it will bypass a standard mail server virus scanner, and get
delivered to the recipient.
You have several options:
1. Disable the MIME segment in MIME Postamble Vulnerability check altogether.
In the virus.cfgALLOWVULNERABILITY MIMESEGMIMEPOST
2. Allow all vulnerabilities FROM a specific email address or domain
ALLOWVULNERABILITIESFROM exam...@example.com
3. Allow all vulnerabilities TO a specific email address or domain
ALLOWVULNERABILITIESTO exam...@example.com
Unfortunately there is not a way to allow an IP range.
David
-Original Message-
From: Ferrell Ard [mailto:ferr...@badpuppy.com]
Sent: Thursday, November 03, 2011 9:02 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] MIME segment in MIME Postamble
We are seeing quite a few email's being caught as VIRUS by
X-Declude-Virus: Detected [Outlook 'MIME segment in MIME Postamble'
Vulnerability] [from IP 173.227.130.61 (mail.politics1.com)].
The email DOES have (at the end)
--Boundary-00=_TY255O4SHK9FB43NIKKB--
--Boundary-00=_TY25HSX59YWNJLA59R1V--
Is there a way to ALLOW this from a given IP range?
ex 173.227.130.0 255.255.255.0
Thanks very much
Ferrell Ard
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just
send an E-mail to imail...@declude.com, and type "unsubscribe
Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.