Re: [Declude.Virus] new vulnerability?

2002-12-13 Thread R. Scott Perry


I just installed the newest version of Declude and I am seeing this from
my virus notification email:


The attachment is [Outlook 'MIME segment in MIME Preamble'
Vulnerability]

What is the mime preamble vulnerability? (reader's digest version is
fine)


It is a recently discovered vulnerability that allows Outlook to see 
attachments that don't really exist, which means that if not caught as a 
vulnerability, viruses could get through.  In the cases we have seen so 
far, the false positives are incorrectly constructed E-mails, where the 
E-mail doesn't even work as it was intended to (there is a stray MIME 
segment that wasn't formed correctly, so it won't be seen).

MIME works by converting the body of an E-mail into a number of segments -- 
such as a text or HTML segment that you can view, and 
attachments.  However, it also allows for a "preamble" and a "postamble", 
which allow information to appear before or after the MIME segments.  Most 
mail clients do not display this information (which typically says "If you 
can read this, your mail client doesn't understand MIME").

An incorrectly formatted MIME E-mail may have a wrong "boundary string" in 
the first MIME segment, so where the person who created the E-mail *thinks* 
there is a MIME segment, it is really still the MIME preamble (which 
doesn't end until the first MIME segment begins).  Outlook, however, may 
treat this as an actual MIME segment, and may be able to see a virus 
there.  That's why it needs to be caught as a vulnerability.
-Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  The archives can be found
at http://www.mail-archive.com.
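
A minimal check for the condition described in the reply above, added here as an example; it is not Declude's detection logic. The heuristic (a `--` delimiter line followed directly by a `Content-*` header inside the preamble), the function names and the sample messages are all assumptions constructed for illustration.

```python
import email
import re

# Heuristic (an assumption, not Declude's rule): a "--delimiter" line followed
# directly by a Content-* header looks like a MIME segment to a lenient client.
SEGMENT_RE = re.compile(r"^--[^\r\n]*\r?\nContent-[\w-]+:",
                        re.MULTILINE | re.IGNORECASE)

def preamble_of(part):
    """Return the text that precedes the first real boundary of a multipart part."""
    if part.get_content_maintype() != "multipart":
        return ""
    if part.is_multipart():
        return part.preamble or ""
    # The declared boundary never appears: the parser keeps the whole body as
    # one string, so all of it is effectively preamble.
    payload = part.get_payload()
    return payload if isinstance(payload, str) else ""

def segment_in_preamble(raw):
    """List delimiter lines of segment-like blocks hidden in any preamble."""
    found = []
    for part in email.message_from_string(raw).walk():
        for m in SEGMENT_RE.finditer(preamble_of(part)):
            found.append(m.group(0).splitlines()[0])
    return found

# Constructed sample messages (not taken from real mail).
HEAD = ('From: a@example.com\nMIME-Version: 1.0\n'
        'Content-Type: multipart/mixed; boundary="GOOD"\n\n')
NOTE = "If you can read this, your mail client doesn't understand MIME\n"
# Segment written with the wrong boundary string, so it stays in the preamble.
STRAY = ('--WRONG\nContent-Type: application/octet-stream; name="sample.bin"\n'
         'Content-Transfer-Encoding: base64\n\nAAAA\n')
REAL = "--GOOD\nContent-Type: text/plain\n\nhello\n--GOOD--\n"

MALFORMED = HEAD + NOTE + STRAY + REAL   # stray segment before first boundary
CLEAN = HEAD + NOTE + REAL               # ordinary preamble only
NO_BOUNDARY = HEAD + STRAY               # declared boundary never used

if __name__ == "__main__":
    for name, raw in [("malformed", MALFORMED), ("clean", CLEAN),
                      ("no boundary", NO_BOUNDARY)]:
        print(name, segment_in_preamble(raw))
```

A strict parser sees only the `text/plain` part in the malformed sample, which is why a scanner that trusts the declared boundary alone would never inspect the stray block.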


[Declude.Virus] new vulnerability?

2002-12-13 Thread Sharyn Schmidt
Forgive me in advance if this question has already been answered.

I just installed the newest version of Declude and I am seeing this from
my virus notification email:


The attachment is [Outlook 'MIME segment in MIME Preamble'
Vulnerability]

What is the mime preamble vulnerability? (reader's digest version is
fine)

TIA,
Sharyn Schmidt 
Network Administrator 
Florida Distillers Company 
(863) 956-1116 x221 
 
 



We are the worldwide producer and marketer of the award winning Cruzan
Single Barrel Rum, judged "Best in the World" at the annual
San Francisco Wine and Spirits Championships. For
more information, please click (go to) http://www.cruzanrums.com