[Declude.Virus] New release

2004-09-29 Thread Sharyn Schmidt

Hi,


Due to a minor inconvenience called Hurricane Jeanne, we have been offline for about 5 days now.


Can someone please tell me when the newest release was available for download?


Thanks,

Sharyn





Re: [Declude.Virus] New release

2004-09-29 Thread Darin Cox


Hi Sharyn,
 
Looks like it was yesterday.
 
Our office just came back online yesterday 
afternoon as well.  Hope you didn't have much damage.
Darin.
 
 

RE: [Declude.Virus] New release

2004-09-29 Thread Jeff Maze
Declude Customers,

Today we have released Declude Version 1.80 which is available to all
customers with a Valid Service Agreement. Please log into your account
www.declude.com/myaccount.asp to download the latest version of the
software.

Some of the most recent enhancements include:

DECLUDE VIRUS

* Detects invalid .ZIP vulnerability. 
* Detects bogus CPL files (Declude Virus Pro). 
* SKIPIFEXT option added for .eml files (IE 'SKIPIFEXT EZIP'). 
* Detection of Microsoft GDIPlus.DLL JPEG vulnerability. 

DECLUDE JUNKMAIL

* CONTSPACES test to detect more than X continuous spaces in the subject. 
* Added NOTCONTAINS, NOTIS filter types. 
* STOPATFIRSTHIT option added to filters (for example, STOPATFIRSTHIT, so
any hit in file will stop further processing of this filter). 
* STOPALLTESTS option added to filters (for example, "BODY STOPALLTESTS
CONTAINS Evil Spammer")
* MINWEIGHTTOFAIL option added to filters (requiring that the filter reach a
certain weight before it will be triggered). 

Thank You for using Declude
www.declude.com

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 




---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  The archives can be found
at http://www.mail-archive.com.


[Declude.Virus] GDI false Postive

2004-09-29 Thread marc catuogno

I had a JPG held by declude as:
 X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability].

However, this was a JPG sent from one of my users to another.  I seriously
doubt it was infected with anything.  The only thing was that it was sent
from a MAC.

User-Agent: Microsoft-Entourage/10.1.0.2006

Does he need to update his version?  Or is it something else?

Marc



Re: [Declude.Virus] GDI false Postive

2004-09-29 Thread R. Scott Perry

>I had a JPG held by declude as:
>  X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability].
>
>However, this was a JPG sent from one of my users to another.  I seriously
>doubt it was infected with anything.  The only thing was that it was sent
>from a MAC.
>
>User-Agent: Microsoft-Entourage/10.1.0.2006
>
>Does he need to update his version?  Or is it something else?

The problem is that Microsoft decided not to give out any information on 
how to detect the exploit.  The person that discovered the exploit, 
however, provided details on how the exploit could be detected.  There was, 
unfortunately, a flaw in the detection method, causing occasional false 
positives (in our tests, about 1 in 1,000 legitimate JPEG files was getting 
caught as a result).  We are planning to change the detection code to use 
our own (more complex) method.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.Virus] GDI false Postive

2004-09-29 Thread Markus Gufler

> I had a JPG held by declude as:
>  X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability].
> 
> However, this was a JPG sent from one of my users to another. 
>  I seriously doubt it was infected with anything.  The only 
> thing was that it was sent from a MAC.

After looking in the logfiles I can see a lot of GDIPlus.DLL-vulnerabilities
where sender and recipient are well known to me and I also have serious
doubts that these are all real vulnerabilities.

Some of them I know are using MAC's. Other lines in the logfile show
GDIPlus-Errors with recipients working as graphic designers (and so are
also using MAC's)

Anyone having a MAC and using v1.80 to verify this?

Markus




RE: [Declude.Virus] GDI false Postive

2004-09-29 Thread Markus Gufler

For example there is a message showing up in the logfile as

09/29/2004 16:02:55 Qc07307e2007404eb [Microsoft GDIPlus.DLL JPEG Vulnerability]
09/29/2004 16:02:55 Qc07307e2007404eb [Microsoft GDIPlus.DLL JPEG Vulnerability]
09/29/2004 16:02:55 Qc07307e2007404eb [Microsoft GDIPlus.DLL JPEG Vulnerability]
09/29/2004 16:02:56 Qc07307e2007404eb Found a bogus .jpg file
09/29/2004 16:02:56 Qc07307e2007404eb Found a bogus .jpg file
09/29/2004 16:02:56 Qc07307e2007404eb Found a bogus .jpg file
09/29/2004 16:02:56 Qc07307e2007404eb File(s) are INFECTED [[Microsoft GDIPlus.DLL JPEG Vulnerability]: 0]
09/29/2004 16:02:56 Qc07307e2007404eb Scanned: CONTAINS A VIRUS [MIME: 10 2230347]
09/29/2004 16:02:56 Qc07307e2007404eb From:xx To: x [incoming from x.x.x.x]
09/29/2004 16:02:56 Qc07307e2007404eb Subject: xx


What attacker would use 2 MB images? (or at least 3 images each one having
700 kByte)

Markus





RE: [Declude.Virus] GDI false Postive

2004-09-29 Thread marc catuogno
Thanks-

Both jpgs held were sent by the same person - a graphic designer using a
MAC.  If that helps you change the code.



Re: [Declude.Virus] GDI false Postive

2004-09-29 Thread Mike Wiegers
Sent a test message with jpg attached from Macintosh Entourage 11.0.0
(040405) and it was not caught.

Mike




Re: [Declude.Virus] New release

2004-09-29 Thread Greg Little




To keep it brief.
Scott has a new JPEG test in Ver. 1.80, but it appears to still have a
flaw.
(Stopping a FEW normal JPEGs, mostly from MACs.)

So, for the next few hours (days?), you can err on the side of
caution or risk.
But when it's fully ready, it's a must have update.

Greg



[Declude.Virus] Virusscan and jpeg detection -PANALYZE or not

2004-09-29 Thread Scott Fisher



An explanation of why some needed the switch and 
others may not have:
 
From: http://vil.nai.com/vil/content/v_128461.htm
The 4395 DAT files no longer require that McAfee anti-virus products are 
configured to scan with program heuristics enabled to detect this 
threat.


Re: [Declude.Virus] GDI false Postive

2004-09-29 Thread Marc
I have found 5 false positives over the last 24 hours. Arrghh! 3 came from a
local photographer sending photos to a local newspaper. FWIW, he was using
an Apple. The other 2 came from a user receiving pic's from
picturecd.kodak.com.

-M




[Declude.Virus] Request for per-domain configuration

2004-09-29 Thread William Stillwell
From: David Sullivan
Subject: Re[2]: [Declude.Virus] Request for per-domain configuration
Date: Wed, 31 Mar 2004 11:37:11 -0800

DC> Hmmm...I hate having to turn off the footer for everyone just because of one
DC> customers.  Haven't run into it yet myself, but some people on this list
DC> will probably run into the problem with having to pass encrypted zips for
DC> one customer while banning them for everyone else...or similar requests for
DC> other files... so how about this...

DC> Add support for domain-specific configuration files.  This would allow not
DC> only removing the footer on a domain basis, but also skipping/banning of
DC> files, deletion of viruses,  and potentially even virus codes (such as the
DC> F-Prot virus code 8 for suspicious files) to be configurable by domain.

Realize this is an old thread but thought I'd throw my $.02 in.
Declude JM/AV have both been indispensable especially of late.  The
only gripe I have is the lack of per domain/user configurations in AV.
With 600+ domains, we often have to make the decision between losing a
customer or making the entire system less secure.  Would really love
to see more granular config options especially in the vulnerability
and extension categories.
--
Best regards,
 David  mailto:[EMAIL PROTECTED]

I have been running Declude, and just recently upgraded Standard to Pro thinking
this was part of the "Pro" version only. I have 12 domains, and need to customize
the virus.cfg for one domain..  and well, I am not too thrilled I can't make a custom
modification because declude only has one setting for all domains.

William Stillwell
Palm Harbor, FL 34684


[Declude.Virus] JPEG Vulnerability

2004-09-29 Thread Doug Anderson
Could someone please explain what this Microsoft GDIPlus.DLL JPEG
Vulnerability is?
Are all JPEG's vulnerable or just some with a bad format?

The company I work for does a lot of graphics work and people email jpegs
around. A few have been caught and I'm trying to understand why. I'm
assuming (yes I shouldn't do that) that more are sent than are caught.
Anyone got a good explanation?




RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread Donn Bly
The best writeup I have found so far is at 
http://www.bleepingcomputer.com/forums/topict3077.html

BTW, while the bug is in the decoding of the jpeg files, the jpeg file can be renamed 
to a variety of extensions and still activate the vulnerability.  As such, the 
following can be now considered "dangerous" extensions:

.jpg
.jpeg
.jpe
.jfif
.bmp
.dib
.emf
.gif
.ico
.png
.rle
.tif
.tiff
.wmf



Re: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread R. Scott Perry

>Could someone please explain what this Microsoft GDIPlus.DLL JPEG
>Vulnerability is?

It is the most serious exploit ever discovered that viruses can use.

Specifically, it allows viruses to spread in JPEG files, something nobody 
previously thought possible.  Fortunately, it only can work on unpatched 
computers.  But most computers are unpatched, and patching them can range 
from easy to difficult to impossible, depending on the circumstances.

>Are all JPEG's vulnerable or just some with a bad format?

Only JPEG files that are created maliciously are a problem.  But there have 
already been some sent out.

>The company I work for does a lot of graphics work and people email jpegs
>around. A few have been caught and I'm trying to understand why. I'm
>assuming (yes I shouldn't do that) that more are sent than are caught.

That's because Microsoft screwed up, and gave out an algorithm for 
detecting the exploit that has false positives.  We plan to have full JPEG 
analysis soon, to work around this (with absolutely no code from Microsoft 
in it ).

   -Scott
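Added example, not part of any message in this thread and not Declude's or Microsoft's code: one way a signature for this issue can flag legitimate images, and how walking the JPEG segment structure ("full JPEG analysis") avoids it, with the file identified by content rather than by the extensions listed earlier in the thread. It assumes the malformed input is a COM (0xFFFE) segment whose length field is below 2 and that the flawed check is a plain byte-pattern search; the thread states neither, and every function name and sample byte string below is constructed for illustration.

```python
import struct

# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
COM, SOS, EOI = 0xFE, 0xDA, 0xD9


def naive_scan(data: bytes) -> bool:
    """Assumed flawed check: COM marker + length 0 or 1 anywhere in the file."""
    return b"\xff\xfe\x00\x00" in data or b"\xff\xfe\x00\x01" in data


def segments(data: bytes):
    """Yield (marker, offset, length) per segment; length is None for
    standalone markers. Stops at EOI, lost sync, or an impossible length."""
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return                      # not on a marker boundary
        if data[pos + 1] == 0xFF:
            pos += 1                    # fill byte before a marker
            continue
        marker, start = data[pos + 1], pos
        pos += 2
        if marker in STANDALONE:
            yield marker, start, None
            if marker == EOI:
                return
            continue
        if pos + 2 > len(data):
            return                      # truncated header
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        yield marker, start, length
        if length < 2:
            return                      # length must count its own 2 bytes
        pos += length
        if marker == SOS:
            # Skip entropy-coded data: FF 00 is a stuffed byte, FF D0-D7 are
            # restart markers, FF FF is fill; anything else ends the scan.
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF
                and data[pos + 1] not in (0x00, 0xFF)
                and not 0xD0 <= data[pos + 1] <= 0xD7
            ):
                pos += 1


def structural_check(data: bytes) -> list:
    """Offsets of COM segments whose length field is below 2."""
    return [off for m, off, ln in segments(data)
            if m == COM and ln is not None and ln < 2]


def classify(filename: str, data: bytes) -> str:
    """Decide from content; the filename is ignored on purpose."""
    if data[:3] != b"\xff\xd8\xff":
        return "not-jpeg"
    return "malformed-com" if structural_check(data) else "clean"


def seg(marker: int, payload: bytes) -> bytes:
    """Build one segment: marker, 2-byte big-endian length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample data (not taken from the thread).
JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
# Legitimate file: the pattern sits inside an application segment's payload.
BENIGN = (b"\xff\xd8" + JFIF + seg(0xED, b"app data \xff\xfe\x00\x01 more")
          + seg(COM, b"ok") + b"\xff\xd9")
# Header-only COM segment with length 0; carries no payload of any kind.
MALFORMED = b"\xff\xd8" + JFIF + b"\xff\xfe\x00\x00" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("photo.jpg", BENIGN), ("renamed.bmp", MALFORMED)):
        print(name, "naive:", naive_scan(blob), "structural:", classify(name, blob))
```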


RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread Peter Lowish
Scott 

Started to appear here in NZ now. We have just seen the first one sent by a
local person to a recipient using our server 

It seems to me that if the PC is infected, that every jpg they send by email
also contains the vulnerability - correct?

Ta
Peter



RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread John Tolmachoff \(Lists\)
> That's because Microsoft screwed up, and gave out an algorithm for
> detecting the exploit that has false positives.  We plan to have full JPEG
> analysis soon, to work around this (with absolutely no code from Microsoft
> in it ).

Scott, I have seen some false positives in files that were created-what not
on a PC, not on a MAC. Do you want a copy of these?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You




RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread R. Scott Perry

>Scott, I have seen some false positives in files that were created-what not
>on a PC, not on a MAC. Do you want a copy of these?

No.  I expect that our algorithm will work perfectly.
   -Scott


RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread R. Scott Perry

>It seems to me that if the PC is infected, that every jpg they send by email
>also contains the vulnerability - correct?

It isn't yet known what viruses using this exploit may do.  It might send 
out E-mails directly, attach itself as JPEG files to E-mails being sent out 
manually, etc.

   -Scott


RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread John Tolmachoff \(Lists\)
> >Scott, I have seen some false positives in files that were created-what not
> >on a PC, not on a MAC. Do you want a copy of these?
> 
> No.  I expect that our algorithm will work perfectly.  

Shucks, too late. Just sent some to virus trap. ;)

What is interesting on the ones I sent is the header. I have never seen
those header lines before. What are they from?

Also, I have noticed 8 other D files that contain that header and held for
the JPEG vulnerability. (I have not received any request for requeue, but
Real Estate agents are not the sharpest bunch.) 

I also saw a couple others held that did not contain that header string.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You




Re: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread Doug Anderson
Ok...
Declude virus does the detection.
If a jpeg is attached/embedded in the email, the email will be flagged as
having the vulnerability whether it's actually infected or not.

Correct?
If the sending pc, its dll's, and software are updated with Microsoft's
patch will the embedded jpg still be flagged as vulnerable?

