Re: [Declude.Virus] What is Partial Vulnerability on a PDF
Hi, Actually why couldn't Declude run uudecode and reassemble the file before hand, then have it scanned and determine if it is harmful or not?? Because the time between the e-mail with first part might be one second, one day one week, etc. Declude now simply scans one e-mail, and when it's finished... it's finished. If it were to scan something like this it would need to remember stuff between scans. And, when would Declude decide a file sent in parts is complete? And what if a part is missing, when would Declude decide it would never get to see all parts? And what would Declude need to do with all parts before it has seen *all* parts and can finally decide whether they contain a virus or not? Multiple questions/problems which Declude would need to solve but for which is no need to solve them. The reason for sending a large file in parts is virually gone,. I can find only one reason today, either the sender or receiver is on a slow dial-up and want's to send/receive across *dial-up sessions* for whatever reason. If that's the case, maybe they should split up the file beforehand using ZIP/RAR/etc. and sent eacht part seperate. Groetjes, Bonno Bloksma --- [E-mail scanned at tio.nl for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Uuencode/Uudecode is what we used to use before the high speed world became a reality. You would type Uudecode and the file name and path. If I remember as long as all the parts where in the same directory it would reassemble it. There are plenty of mailers that will reassemble and I really thought all of them did it today. UUencode/UUdecode UUencode/UUdecode is a software utility that converts a binary file (often a photo or a graphic) to an ASCII (text) file so that it can be sent as an attachment to an e-mail message or downloaded from a newsgroup. Since e-mail messages must be text, not binary information, UUencode disguises non-text files as text so that they can be included in a mail message. When the message is received, the recipient, or their e-mail program, runs UUdecode to convert it to the original file. Easily available on the net via shareware. Google UUencode Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Loughlin Sent: Friday, June 04, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Actually why couldn't Declude run uudecode and reassemble the file before hand, then have it scanned and determine if it is harmful or not?? DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn Sent: Saturday, June 05, 2004 5:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Uuencode/Uudecode is what we used to use before the high speed world became a reality. You would type Uudecode and the file name and path. If I remember as long as all the parts where in the same directory it would reassemble it. There are plenty of mailers that will reassemble and I really thought all of them did it today. UUencode/UUdecode UUencode/UUdecode is a software utility that converts a binary file (often a photo or a graphic) to an ASCII (text) file so that it can be sent as an attachment to an e-mail message or downloaded from a newsgroup. Since e-mail messages must be text, not binary information, UUencode disguises non-text files as text so that they can be included in a mail message. When the message is received, the recipient, or their e-mail program, runs UUdecode to convert it to the original file. Easily available on the net via shareware. Google UUencode Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Loughlin Sent: Friday, June 04, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Was there ever a way to put these emails back together? I had some one send me pictures that got broken up by this, and was wondering if they could be re-assembled. Bruce -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E
[Declude.Virus] What is Partial Vulnerability on a PDF
Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] What is Partial Vulnerability on a PDF
Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. That's the vulnerability -- a single attachment that has been split into multiple E-mails. This was cool in the early 90's to bypass the 50K size limit for E-mails. But today, it is not necessary, and causes a vulnerability (if not blocked, viruses could spread that way). We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? A mail client that gets all 5 parts should (if it supposed split E-mails) be able to automagically put them back together into one E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] What is Partial Vulnerability on a PDF
Yes I looked again and you are right. So Declude would have to keep track of e-mail to e-mail and possible out of sequence and different clients marking the split stuff in different ways On/Off switch is the way to go (unfortunately) Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, June 03, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I think the problem is, that while the extension may show up in one of the 5, it would not be in all 5 and therefore not an accurate test. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, June 03, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] What is Partial Vulnerability on a PDF I guess it would be nice to say BANPARTIAL EXE BANPARTIAL COM BANPARTIAL VBS Etc I don't think a PDF can be infected but then again you never know so maybe . In any case it is almost a damned if you do damned if you don't Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, June 03, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] What is Partial Vulnerability on a PDF Goran, Outlook/Outlook Express allows a sender to split messages over a certain size into multiple attachments. Messages of this type can bypass virus scanning and therefore represent a vulnerability. I have however personally determined that because it is so easy to turn on, and because I have yet to find any viruses that are currently exploiting this flaw, that it is better to leave it off for now rather than comb over my hold file looking for such messages and alerting those that are set up for this. Scott does provide a stitch for your Virus.cfg that can turn this off with the following: BANPARTIALOFF I don't feel that this is a set it and forget it type of setting, so use at your own risk, and keep your eyes and ears pealed for exploits in the event that a virus does start exploiting the flaw. Thankfully the trickery has gone down since the arrested that German teenager :) Matt Goran Jovanovic wrote: Declude Virus and F-Prot reported X-Declude-Virus: Detected [Partial Vulnerability]. This is an e-mail that has been cut into 5 part and it has a PDF attached to it. --=_NextPart_000_0019_01C4494C.0AFFE0A0 Content-Type: application/octet-stream; name=Report.pdf Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=Report.pdf We stopped the 5 e-mails but why would it have triggered on a PDF file? Also how does the client out the PDF back together??? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing
