subject:"\[Declude.JunkMail\] MIME segment in MIME Postamble"

[Declude.JunkMail] MIME segment in MIME Postamble

2011-11-03 Thread Ferrell Ard

We are seeing quite a few email's being caught as VIRUS by
X-Declude-Virus: Detected [Outlook 'MIME segment in MIME Postamble'
Vulnerability] [from IP 173.227.130.61 (mail.politics1.com)].

The email DOES have (at the end)
--Boundary-00=_TY255O4SHK9FB43NIKKB--
--Boundary-00=_TY25HSX59YWNJLA59R1V--

Is there a way to ALLOW this from a given IP range?
ex 173.227.130.0   255.255.255.0

Thanks very much
Ferrell Ard




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] MIME segment in MIME Postamble

2011-11-03 Thread David Barker

Hi Ferrell,

I can assure you that the MIME segment in MIME Postamble Vulnerability is 
triggering correctly.

This vulnerability occurs when it appears as though a MIME segment is occurring 
after the end of the MIME body (specifically, a MIME segment with a boundary 
other than the one specified appears in the MIME postamble). Outlook may see 
this as an attachment. Although technically valid, there is no legitimate 
reason for an E-mail to be sent like this. When a virus uses this type of 
vulnerability, it will bypass a standard mail server virus scanner, and get 
delivered to the recipient.

You have several options:

1. Disable the MIME segment in MIME Postamble Vulnerability check altogether.  
In the virus.cfgALLOWVULNERABILITY   MIMESEGMIMEPOST
2. Allow all vulnerabilities FROM a specific email address or domain  
ALLOWVULNERABILITIESFROM   exam...@example.com
3. Allow all vulnerabilities TO a specific email address or domain  
ALLOWVULNERABILITIESTO   exam...@example.com

Unfortunately there is not a way to allow an IP range.

David


-Original Message-
From: Ferrell Ard [mailto:ferr...@badpuppy.com]
Sent: Thursday, November 03, 2011 9:02 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] MIME segment in MIME Postamble

We are seeing quite a few email's being caught as VIRUS by
X-Declude-Virus: Detected [Outlook 'MIME segment in MIME Postamble'
Vulnerability] [from IP 173.227.130.61 (mail.politics1.com)].

The email DOES have (at the end)
--Boundary-00=_TY255O4SHK9FB43NIKKB--
--Boundary-00=_TY25HSX59YWNJLA59R1V--

Is there a way to ALLOW this from a given IP range?
ex 173.227.130.0   255.255.255.0

Thanks very much
Ferrell Ard




---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just 
send an E-mail to imail...@declude.com, and type unsubscribe 
Declude.JunkMail.  The archives can be found at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] MIME segment in MIME Postamble

RE: [Declude.JunkMail] MIME segment in MIME Postamble

2 matches

Site Navigation

Mail list logo

Footer information