[Declude.JunkMail] Outlook 'Blank Folding' Vulnerability
The program Incredimail generates subjects that, in certain cases, end with 0D 0A 09 0D 0A. These messages are caught by Declude Virus as Outlook 'Blank Folding' Vulnerability. I want to send a letter asking technical support to solve this problem, but I really do not see where point 3.2.3 of RFC 822 indicates that this is not allowed.

Thank you.

Ruben Marti.
Mon Mariola, S.L.

From Declude manual:

Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when there is a line in the headers with just a single space or a single tab character. Outlook can treat this as the end of the headers, allowing it to see a virus that is embedded in the headers. RFC822 3.2.3 says that it is not valid to have such lines, nor is there any legitimate reason for an E-mail to contain a blank line in the headers with a single space or tab (note that it is OK to have a line with a single space or tab in the E-mail body, just not the headers).

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
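The check described in the manual excerpt above can be sketched as follows. This is an added example, not part of the original thread and not Declude's code; the function names and both sample messages are constructed for illustration, and it generalizes slightly by flagging any header line made up only of spaces and tabs. It also shows why such a line matters to a scanner: a strict parser and a lenient one disagree on where the headers end.

```python
import re

LINE_END = re.compile(rb"\r?\n")  # tolerate bare LF as well as CRLF


def header_lines(raw: bytes) -> list[bytes]:
    """Lines of the header block, up to (not including) the first empty line."""
    lines = []
    for line in LINE_END.split(raw):
        if line == b"":
            break  # genuine header/body separator
        lines.append(line)
    return lines


def blank_folding_lines(raw: bytes) -> list[int]:
    """1-based numbers of header lines made up only of spaces and/or tabs."""
    return [n for n, line in enumerate(header_lines(raw), start=1)
            if line.strip(b" \t") == b""]


def lenient_header_count(raw: bytes) -> int:
    """Header lines seen by a parser that stops at a whitespace-only line."""
    count = 0
    for line in header_lines(raw):
        if line.strip(b" \t") == b"":
            break
        count += 1
    return count


# Constructed sample: Subject followed by 0D 0A 09 0D 0A, as in the thread.
FLAGGED = (b"From: sender@example.com\r\n"
           b"Subject: hello\r\n"
           b"\t\r\n"
           b"Content-Type: text/plain\r\n"
           b"\r\n"
           b"body text\r\n")

# Constructed sample: the tab-only line sits in the body, so it is not flagged.
CLEAN = (b"From: sender@example.com\r\n"
         b"Subject: hello\r\n"
         b"\r\n"
         b"body text\r\n"
         b"\t\r\n"
         b"more body\r\n")

if __name__ == "__main__":
    for name, msg in (("FLAGGED", FLAGGED), ("CLEAN", CLEAN)):
        print(name, "whitespace-only header lines:", blank_folding_lines(msg),
              "| strict headers:", len(header_lines(msg)),
              "| lenient headers:", lenient_header_count(msg))
```

In the flagged sample the strict parser counts four header lines while the lenient one stops after two, so everything from the tab-only line onward would be treated as body by the lenient reader.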
Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability
Ruben,

In your Virus.cfg file, add the following line:

ALLOWVULNERABILITYOLBLANKFOLDING

This will turn off this vulnerability detection. There have been no viruses that I know of that have exploited this flaw, and it is quite possible that this flaw no longer exists since it is around 5 years old now.

You might also want to consider turning off other vulnerability detections due to the propensity of them hitting legitimate E-mail. Here's a list:

BANPARTIALOFF
ALLOWVULNERABILITYOLCR
ALLOWVULNERABILITYOLSPACEGAP
ALLOWVULNERABILITYOLMIMESEGMIMEPRE
ALLOWVULNERABILITYMIMESEGMIMEPOST
ALLOWVULNERABILITYOLLONGFILENAME
ALLOWVULNERABILITYOLBLANKFOLDING
ALLOWVULNERABILITYOBJECTDATA
ALLOWVULNERABILITYOLBOUNDARYSPACEGAP
ALLOWVULNERABILITYOLMIMEHEADER
ALLOWVULNERABILITYOLLONGBOUNDARY

Matt
Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability
Matt,

So far, the only case where I find this vulnerability is in the mail sent from the program Incredimail. If these lines are actually prohibited in the RFC, it is safer to seek Incredimail technical support to solve your problem. But I fear that the explanation in the Declude manual is false and that there is a section in the RFC that says clearly that these lines are not allowed.

Thank you.

Ruben Marti.
Mon Mariola, S.L.

----- Original Message -----
From: Matt
To: declude.virus@declude.com
Sent: Monday, December 03, 2007 4:15 PM
Subject: Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability
Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability
Disable it and be done with it. There is no option to partially support the issue, and the issue is very likely not a threat. Just because something isn't RFC compliant doesn't mean that it is a threat. The vulnerability was from Outlook displaying attachments that were hidden by bad encoding, but that flaw was likely patched, or at least it has not been exploited en masse.

Matt
Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability
The AOL Feedback loop creates a lot of these false positives also... we deactivated this test in our Declude a while back.

---
Randy A.
Technical Support Director
Global Web Solutions, Inc.
804-442-5300
http://globalweb.net

----- Original Message -----
From: Matt [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Monday, December 03, 2007 11:41 AM
Subject: Re: [Declude.Virus] Outlook 'Blank Folding' Vulnerability