[Declude.Virus] Interim .62 triggered Blank Folding on this one and other emails

2007-10-05 Thread Andy Schmidt
Other emails from this same Thunderbird 2.0.0.6 user, using the same smtp
relays, were also blocked. 

 File:   "[No attachment]"
  Result: Found[Outlook 'Blank Folding' Vulnerability]


-Original Message Headers-
Received: from smtp.webhost.hm-software.com [63.107.174.32] by
hm-software.com with ESMTP
  (SMTPD-9.21) id ACE40380; Thu, 04 Oct 2007 22:09:40 -0400
Received: from s-utl02-dcpop.stsn.net ([72.255.0.202]) by
smtp.webhost.hm-software.com with Microsoft SMTPSVC(5.0.2195.6713);
 Thu, 4 Oct 2007 22:09:37 -0400
Received: from s-utl02-dcpop.stsn.net ([127.0.0.1])
 by s-utl02-dcpop.stsn.net (SMSSMTP 4.1.2.20) with SMTP id
M2007100422091506156
 ; Thu, 04 Oct 2007 22:09:15 -0400
X-Spam-Status: No, hits=0.0 required=9.9
tests=ALL_TRUSTED: -2.867,AWL: 0.172,BAYES_00: -1.665,
SARE_FREE_WEBM_Usa: 0.077
X-Spam-Level: 
Received: from [127.0.0.1] ([10.26.87.211])
by s-utl02-dcpop.stsn.net;
Thu, 4 Oct 2007 22:09:14 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 04 Oct 2007 22:08:59 -0400
From: David Moskowitz <[EMAIL PROTECTED]>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To:  [EMAIL PROTECTED]
CC: Rich Levin <[EMAIL PROTECTED]>
Subject: firewall rejection of RBL mail
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 05 Oct 2007 02:09:37.0529 (UTC)
FILETIME=[C7E17E90:01C806F4]







---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Andy Schmidt
I reverted to .57 and had someone resend an email with Attachment from Lotus
Notes and this time it went through.

 

So - the answer is "yes", the problem goes away with .57.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 11:27 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, so if you revert to .57 the issue goes away, correct?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 11:18 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I did not have this problem with .57.  So we can rule out .46.

 

Sorry, jumped right from .57 to .62 - so can't say if it was introduced with
.59 already.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 10:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread David Barker
Thanks for the feedback, we are looking at it as #1 priority at the moment.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 2:09 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Dave,

 

The Blank Folding Vulnerability is ALSO causing false positives (but not as
many as the Postamble one).

 

I'll send you ANOTHER email with Blank Folding false positives in about 5
minutes.

 

I have to back this release out - something majorly wrong with it.

 

Best Regards,

Andy

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Thursday, October 04, 2007 9:53 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

 

Hi,

 

I put in 4.3.62 this afternoon (was running a different interim from a
few months ago). Since then I had numerous different clients reporting
clients with Outlook 'MIME segment in MIME postamble' Vulnerability.

 

Valid emails from Lotus Notes 6 with attachments were rejected (reproducible
at will), messages from Yahoo Webmail, etc.

 

If a change was made that triggers this test for major mailers, then it's
worthless because no one can keep it on!

 

> -Original Message Headers-
> Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by
> Mail.Webhost.HM-Software.com
>   (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400
> Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21
> -
> X-YMail-OSG:
> gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P
> haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg--
> Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via
> HTTP; Thu, 04 Oct 2007 15:23:21 PDT
> X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134
> Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT)
> From: Dorene D Robinson <[EMAIL PROTECTED]>
> Subject: Fw: Our Virus Firewall has Rejected Your Email!
> To: Michael Page <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="0-1745477977-1191536601=:15605"
> Message-ID: <[EMAIL PROTECTED]>

 

 

 

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Andy Schmidt
Dave,

 

The Blank Folding Vulnerability is ALSO causing false positives (but not as
many as the Postamble one).

 

I'll send you ANOTHER email with Blank Folding false positives in about 5
minutes.

 

I have to back this release out - something majorly wrong with it.

 

Best Regards,

Andy

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Thursday, October 04, 2007 9:53 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

 

Hi,

 

I put in 4.3.62 this afternoon (was running a different interim from a
few months ago). Since then I had numerous different clients reporting
clients with Outlook 'MIME segment in MIME postamble' Vulnerability.

 

Valid emails from Lotus Notes 6 with attachments were rejected (reproducible
at will), messages from Yahoo Webmail, etc.

 

If a change was made that triggers this test for major mailers, then it's
worthless because no one can keep it on!

 

> -Original Message Headers-
> Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by
> Mail.Webhost.HM-Software.com
>   (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400
> Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21
> -
> X-YMail-OSG:
> gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P
> haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg--
> Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via
> HTTP; Thu, 04 Oct 2007 15:23:21 PDT
> X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134
> Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT)
> From: Dorene D Robinson <[EMAIL PROTECTED]>
> Subject: Fw: Our Virus Firewall has Rejected Your Email!
> To: Michael Page <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="0-1745477977-1191536601=:15605"
> Message-ID: <[EMAIL PROTECTED]>

 

 

 

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Andy Schmidt
Hi,

 

Okay, just sent it a moment ago.

 

It affects eBay notifications, UPS notifications, Dell's newsletters - lots
of things that usually go through. But also tons of individual
person-to-person emails - I have about 500 of them before I turned it off.

 

Best Regards,

Andy

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 12:39 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Send them directly to me.

 

David

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 12:15 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I have not reverted to .57, I have disabled this vulnerability in the
Virus.cfg for now to see what other issues I might uncover. (There was a
false positive reported last night for a different vulnerability for mail
sent by Netscape's mail applet, but I haven't firmed that one up yet).

 

If you like me to, I have an archive of held Postamble MIME files that are
LEGITIMATE (some of them are automatically created emails that our clients
used to get all the time) and zip them up to you? If so, which email do you
want me to use?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 11:27 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, so if you revert to .57 the issue goes away, correct?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 11:18 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I did not have this problem with .57.  So we can rule out .46.

 

Sorry, jumped right from .57 to .62 - so can't say if it was introduced with
.59 already.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 10:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread David Barker
Send them directly to me.

 

David

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 12:15 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I have not reverted to .57, I have disabled this vulnerability in the
Virus.cfg for now to see what other issues I might uncover. (There was a
false positive reported last night for a different vulnerability for mail
sent by Netscape's mail applet, but I haven't firmed that one up yet).

 

If you like me to, I have an archive of held Postamble MIME files that are
LEGITIMATE (some of them are automatically created emails that our clients
used to get all the time) and zip them up to you? If so, which email do you
want me to use?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 11:27 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, so if you revert to .57 the issue goes away, correct?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 11:18 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I did not have this problem with .57.  So we can rule out .46.

 

Sorry, jumped right from .57 to .62 - so can't say if it was introduced with
.59 already.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 10:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Andy Schmidt
I have not reverted to .57, I have disabled this vulnerability in the
Virus.cfg for now to see what other issues I might uncover. (There was a
false positive reported last night for a different vulnerability for mail
sent by Netscape's mail applet, but I haven't firmed that one up yet).

 

If you like me to, I have an archive of held Postamble MIME files that are
LEGITIMATE (some of them are automatically created emails that our clients
used to get all the time) and zip them up to you? If so, which email do you
want me to use?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 11:27 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, so if you revert to .57 the issue goes away, correct?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 11:18 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I did not have this problem with .57.  So we can rule out .46.

 

Sorry, jumped right from .57 to .62 - so can't say if it was introduced with
.59 already.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 10:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?



Re: [Declude.Virus] Question regarding Whitelist

2007-10-05 Thread Darrell (supp...@invariantsystems.com)
No, Whitelisting only applies to Junkmail.  Mail that is whitelisted 
will still be virus scanned.


Darrell

--
Check out http://www.invariantsystems.com for utilities for Declude, 
Imail, mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring, 
SURBL/URI integration, MRTG Integration, and Log Parsers.



Jon Lucas wrote:

If a domain is whitelisted, does Declude bypass the virus filtering and
allow the email to pass through?

Jon Lucas
Poly-Cast, Inc.

---
[This E-mail scanned for viruses by Declude Virus]






RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Kevin Bilbee
Our previous version is 4.3.46 and it works fine except for the "Outlook
space Gap Issue". I have not loaded any of the other interims to be able to
test them.

 

 

 

 

Kevin Bilbee

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 7:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 10:45 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Hi Dave,

 

Well, I dropped in 4.3.62 in the afternoon and throughout the afternoon was
getting reports from people using VARIOUS email systems (not limited to
Yahoo's mail service), that just happened to be the one that I had at my
finger tips.

 

I can also say that it happened to people sending mail from Lotus Notes 6. I
worked with the Tech Guy at the client's client and he tried to send me
simply emails with a zip or PDF attachment and nothing got past 4.3.62.

 

File:   "[No attachment]"
Result: Found[Outlook 'MIME segment in MIME Postamble' Vulnerability]

-Original Message Headers-
Received: from DOMSVR1.L***.COM [***.26.122.219] by
Mail.Webhost.HM-Software.com with ESMTP
(SMTPD-9.21) id A46A0358; Thu, 04 Oct 2007 14:43:54 -0400
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Riverside Quote P/N: 147329
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005
Message-ID:
<[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Date: Thu, 4 Oct 2007 13:43:36 -0500
X-MIMETrack: Serialize by Router on DOMSVR1/domino(Release 6.5.6|March 06,
2007) at 10/04/2007
13:43:38
Content-Type: multipart/mixed; boundary="=_mixed 0066DE538625736A_=" 



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread David Barker
Ok, so if you revert to .57 the issue goes away, correct?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 11:18 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I did not have this problem with .57.  So we can rule out .46.

 

Sorry, jumped right from .57 to .62 - so can't say if it was introduced with
.59 already.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 10:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Andy Schmidt
I did not have this problem with .57.  So we can rule out .46.

 

Sorry, jumped right from .57 to .62 - so can't say if it was introduced with
.59 already.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Friday, October 05, 2007 10:49 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?




RE: [Declude.Virus] Question regarding Whitelist

2007-10-05 Thread David Barker
No, whitelisted is only for JM.
David

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jon
Lucas
Sent: Friday, October 05, 2007 10:46 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Question regarding Whitelist

If a domain is whitelisted, does Declude bypass the virus filtering and
allow the email to pass through?

Jon Lucas
Poly-Cast, Inc.

---
[This E-mail scanned for viruses by Declude Virus]






RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread David Barker
Ok, we are working on the issue, can you replicate it with an earlier
version of Declude like .46 or .59 ?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Friday, October 05, 2007 10:45 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

Hi Dave,

 

Well, I dropped in 4.3.62 in the afternoon and throughout the afternoon was
getting reports from people using VARIOUS email systems (not limited to
Yahoo's mail service), that just happened to be the one that I had at my
finger tips.

 

I can also say that it happened to people sending mail from Lotus Notes 6. I
worked with the Tech Guy at the client's client and he tried to send me
simply emails with a zip or PDF attachment and nothing got past 4.3.62.

 

File:   "[No attachment]"
Result: Found[Outlook 'MIME segment in MIME Postamble' Vulnerability]

-Original Message Headers-
Received: from DOMSVR1.L***.COM [***.26.122.219] by
Mail.Webhost.HM-Software.com with ESMTP
(SMTPD-9.21) id A46A0358; Thu, 04 Oct 2007 14:43:54 -0400
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Riverside Quote P/N: 147329
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005
Message-ID:
<[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Date: Thu, 4 Oct 2007 13:43:36 -0500
X-MIMETrack: Serialize by Router on DOMSVR1/domino(Release 6.5.6|March 06,
2007) at 10/04/2007
13:43:38
Content-Type: multipart/mixed; boundary="=_mixed 0066DE538625736A_=" 



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Andy Schmidt
Hi Dave,

 

Well, I dropped in 4.3.62 in the afternoon and throughout the afternoon was
getting reports from people using VARIOUS email systems (not limited to
Yahoo's mail service), that just happened to be the one that I had at my
finger tips.

 

I can also say that it happened to people sending mail from Lotus Notes 6. I
worked with the Tech Guy at the client's client and he tried to send me
simply emails with a zip or PDF attachment and nothing got past 4.3.62.

 

File:   "[No attachment]"
Result: Found[Outlook 'MIME segment in MIME Postamble' Vulnerability]

-Original Message Headers-
Received: from DOMSVR1.L***.COM [***.26.122.219] by
Mail.Webhost.HM-Software.com with ESMTP
(SMTPD-9.21) id A46A0358; Thu, 04 Oct 2007 14:43:54 -0400
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Riverside Quote P/N: 147329
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005
Message-ID:
<[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Date: Thu, 4 Oct 2007 13:43:36 -0500
X-MIMETrack: Serialize by Router on DOMSVR1/domino(Release 6.5.6|March 06,
2007) at 10/04/2007
13:43:38
Content-Type: multipart/mixed; boundary="=_mixed 0066DE538625736A_=" 




[Declude.Virus] Question regarding Whitelist

2007-10-05 Thread Jon Lucas
If a domain is whitelisted, does Declude bypass the virus filtering and
allow the email to pass through?

Jon Lucas
Poly-Cast, Inc.

---
[This E-mail scanned for viruses by Declude Virus]






RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread David Barker
We are looking into this code, are you sure it is 4.3.62 and not a change
with YahooMailWebService?

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Thursday, October 04, 2007 9:53 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

 

Hi,

 

I put in 4.3.62 this afternoon (was running a different interim from a
few months ago). Since then I had numerous different clients reporting
clients with Outlook 'MIME segment in MIME postamble' Vulnerability.

 

Valid emails from Lotus Notes 6 with attachments were rejected (reproducible
at will), messages from Yahoo Webmail, etc.

 

If a change was made that triggers this test for major mailers, then it's
worthless because no one can keep it on!

 

> -Original Message Headers-
> Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by
> Mail.Webhost.HM-Software.com
>   (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400
> Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21
> -
> X-YMail-OSG:
> gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P
> haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg--
> Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via
> HTTP; Thu, 04 Oct 2007 15:23:21 PDT
> X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134
> Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT)
> From: Dorene D Robinson <[EMAIL PROTECTED]>
> Subject: Fw: Our Virus Firewall has Rejected Your Email!
> To: Michael Page <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="0-1745477977-1191536601=:15605"
> Message-ID: <[EMAIL PROTECTED]>

 

 

 

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Andy Schmidt
Hi Kevin, thanks.

 

To save me and my customers frustration - is it limited to that one
vulnerability - or are others involved that I should disable proactively
(or reverse to the previous build)?

 

Best Regards,

Andy

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
Bilbee
Sent: Friday, October 05, 2007 3:15 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] 4.3.62 countless false positives for
vulnerabilties

 

I reported this to declude. They are working on it.

 

 

 

Kevin Bilbee

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Thursday, October 04, 2007 6:53 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

 

Hi,

 

I put in 4.3.62 this afternoon (was running a different interim from a
few months ago). Since then I had numerous different clients reporting
clients with Outlook 'MIME segment in MIME postamble' Vulnerability.

 

Valid emails from Lotus Notes 6 with attachments were rejected (reproducible
at will), messages from Yahoo Webmail, etc.

 

If a change was made that triggers this test for major mailers, then it's
worthless because no one can keep it on!

 

> -Original Message Headers-
> Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by
> Mail.Webhost.HM-Software.com
>   (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400
> Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21
> -
> X-YMail-OSG:
> gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P
> haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg--
> Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via
> HTTP; Thu, 04 Oct 2007 15:23:21 PDT
> X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134
> Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT)
> From: Dorene D Robinson <[EMAIL PROTECTED]>
> Subject: Fw: Our Virus Firewall has Rejected Your Email!
> To: Michael Page <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="0-1745477977-1191536601=:15605"
> Message-ID: <[EMAIL PROTECTED]>

 

 

 

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

2007-10-05 Thread Kevin Bilbee
I reported this to declude. They are working on it.

 

 

 

Kevin Bilbee

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Thursday, October 04, 2007 6:53 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

 

Hi,

 

I put in 4.3.62 this afternoon (was running a different interim from a
few months ago). Since then I had numerous different clients reporting
clients with Outlook 'MIME segment in MIME postamble' Vulnerability.

 

Valid emails from Lotus Notes 6 with attachments were rejected (reproducible
at will), messages from Yahoo Webmail, etc.

 

If a change was made that triggers this test for major mailers, then it's
worthless because no one can keep it on!

 

> -Original Message Headers-
> Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by
> Mail.Webhost.HM-Software.com
>   (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400
> Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21
> -
> X-YMail-OSG:
> gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P
> haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg--
> Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via
> HTTP; Thu, 04 Oct 2007 15:23:21 PDT
> X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134
> Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT)
> From: Dorene D Robinson <[EMAIL PROTECTED]>
> Subject: Fw: Our Virus Firewall has Rejected Your Email!
> To: Michael Page <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="0-1745477977-1191536601=:15605"
> Message-ID: <[EMAIL PROTECTED]>

 

 

 

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



[Declude.Virus] Out of the Office

2007-10-05 Thread lpagillo
I will be out of the office on vacation from October 1st through October 5th, 
returning on Monday, October 8th. If you require immediate assistance, please 
send an email to [EMAIL PROTECTED] or call David Barker at 1-866-332-5833 
Ext.7007. Thank you. 


