RE: [Declude.JunkMail] attachments ending in .text
Go to your room! This is weird. The virus detector is catching it as it says there is no file extension so it assumes the extension to be .exe. Aha! 12/10/2002 11:03:03 Q1e400d65014a69ab Found file with mismatched extensions [AR.B.S.ARB-AR.B.S.ARB]; assuming .exe The problem here is that they are doing something funky and using 2 different file extensions: Content-Type: text/plain; name="AR.B.S.ARBCA2.FILE06.txt" Content-Disposition: attachment; filename="AR.B.S.ARBCA2.FILE06.TEXT" One has a .txt extension, the other has a .text extension. The program he is using to send the E-mail is not working properly, and needs to be fixed. Although the .txt and .text extensions are safe, Outlook has a vulnerability that can cause it to use the "wrong" extension in a case like this, which can cause a virus to slip through undetected (unless it is caught as a vulnerability). Your customer needs to change it so that *both* instances of the filename use the .text extension. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] attachments ending in .text
Go to your room! This is weird. The virus detector is catching it as it says there is no file extension so it assumes the extension to be .exe. 12/10/2002 11:03:03 Q1e400d65014a69ab Found file with mismatched extensions [AR.B.S.ARB-AR.B.S.ARB]; assuming .exe 12/10/2002 11:03:03 Q1e400d65014a69ab Got disp name=AR.B.S.ARBCA2.FILE01.TEXT [MimeName=mismatched.exe]. 12/10/2002 11:03:03 Q1e400d65014a69ab Scanned: Banned file extension. [MIME: 2 475831] However when I look at the file name I see where it is extremely long but does in fact have an ext of .text --MIME-Boundary-1039539809 Content-Type: text/plain; name="AR.B.S.ARBCA2.FILE06.txt" Content-Disposition: attachment; filename="AR.B.S.ARBCA2.FILE06.TEXT" Content-Transfer-Encoding: Base64 Content-Description: AR.B.S.ARBCA2.FILE06 I guess I need to go back to driving as I sure do not understand this. Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Tuesday, December 10, 2002 19:34 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] attachments ending in .text >...hopefully the correct one...LOL All answers are assumed correct until proven otherwise. Kind of like, if you can't find it, grind it. :)) John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- <>
RE: [Declude.JunkMail] attachments ending in .text
>...hopefully the correct one...LOL All answers are assumed correct until proven otherwise. Kind of like, if you can't find it, grind it. :)) John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] attachments ending in .text
Thanks, I'll look into it and come up with an answer of some kind...hopefully the correct one...LOL Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, December 10, 2002 19:24 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] attachments ending in .text >Yes, the only thing I can see in the log file is where an incorrect >address is entered, then it doesn't get delivered. Other than that it >just says server whitelisted. If the Declude JunkMail log file entry says that it is whitelisted, then the E-mail shouldn't be caught by Declude JunkMail (meaning that it is getting caught for some other reason, such as an IMail rule, or through Declude Virus). Have you checked the IMail log file? If the E-mail is delivered, you should see both "SMTPD" lines showing the E-mail being received, and "SMTP" or "SMTP-" lines showing the E-mail being delivered. If it is delivered, the fault doesn't lie on your end; if it is not delivered, then you will know to investigate further. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] attachments ending in .text
Yes, the only thing I can see in the log file is where an incorrect address is entered, then it doesn't get delivered. Other than that it just says server whitelisted. If the Declude JunkMail log file entry says that it is whitelisted, then the E-mail shouldn't be caught by Declude JunkMail (meaning that it is getting caught for some other reason, such as an IMail rule, or through Declude Virus). Have you checked the IMail log file? If the E-mail is delivered, you should see both "SMTPD" lines showing the E-mail being received, and "SMTP" or "SMTP-" lines showing the E-mail being delivered. If it is delivered, the fault doesn't lie on your end; if it is not delivered, then you will know to investigate further. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] attachments ending in .text
Yes, the only thing I can see in the log file is where an incorrect address is entered, then it doesn't get delivered. Other than that it just says server whitelisted. They are using a very antiquated main frame to send this mail. Could it be it does not support a long extension? I knew the newer DOS would accept a long file name but I wasn't aware it would accept an extension longer than 3 characters... Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, December 10, 2002 18:57 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] attachments ending in .text >I have a client complaining about some emails being blocked. What is >weird is the particular mainframe that sends the emails in question is >whitelisted. Have you checked the Declude log file(s) to see what happens to his E-mail? >Now he tells me all emails go through with a .txt >extension but any with a .text does not. That is really odd... >Have I forgot DOS again? Doesn't dos require a 3 character extension? DOS used to require a 3 character extension, but the latest versions of DOS (the ones that come with Windows) do have some support for long filenames. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] attachments ending in .text
I have a client complaining about some emails being blocked. What is weird is the particular mainframe that sends the emails in question is whitelisted. Have you checked the Declude log file(s) to see what happens to his E-mail? Now he tells me all emails go through with a .txt extension but any with a .text does not. That is really odd... Have I forgot DOS again? Doesn't dos require a 3 character extension? DOS used to require a 3 character extension, but the latest versions of DOS (the ones that come with Windows) do have some support for long filenames. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
