Re: [Declude.Virus] Blank folding vulnerablity help
Follow-up (and warning for others). The problem was EDNS0. This is installed by default on Windows 2003 and must be disabled otherwise some firewalls and older versions of BIND will not resolve queries. More about disabling it can be found here: http://support.microsoft.com/kb/828263 The seriously strange thing is that I ran across this about a year ago and I had disabled EDNS0 on all of my production servers, and while the registry setting was still there showing it was disabled, reapplying the command to disable it, and restarting my DNS servers, caused the issue to go away. So it appears that some update or other unassociated config process caused EDNS0 to magically come back on with three of my boxes. Marc, the fact that your DNS service provider has issues with a default Windows 2003 setting would be good reason for you to insist that they change immediately, or move your DNS to another provider. When I ran into this a year ago it was an older version of BIND that was causing issues, but I have heard that old Cisco and SonicWall software can also block these packets. Matt Matt wrote: Marc, One other off-topic thing. For some reason, none of my Windows 2003 DNS servers will resolve any of your DNS records. I can however resolve through other servers running on both Mac's (BSD) and Linux, I can tracert to your DNS provider's IP space from my network, and I can query directly off of your DNS provider's servers using a query tool on my desktop. I tested 4 of my Windows 2003 DNS servers at two locations and two totally different networks though with timeouts on everything, and only for your domain and skynetweb.com. It seems that your provider is blocking or otherwise selectively not responding to queries made from Windows 2003 DNS (including nslookup running on those boxes). You might want to check into this because this is probably widespread. Matt Marc Catuogno wrote: Matt thanks again. I cant get a download off of the declude page other than the latest version and hot fixes for 1.76-1.82 no 2. versions at all I may venture into the 3s but I am still running IMAIL 8.15 Ive been too scared to upgrade either product lately, sad really. I used to wait about a week before jumping on an upgrade Keep hoping smarter mail will pan out, most of my users are on webmail and I hear that it is abysmal on IMAIL 2006 Sorry for the rant, but I hate I far behind I feel From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 9:10 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, 2.0.6.16 is as solid as any release that I have seen, and I can't see how you would have any issues with upgrading to it, nor are there any changes that must be made. The only caveat here is that you will have issues on any version of IMail later than 8.15HF2. 2.0.6.16 fixes issues present in 1.82, adds new functionality such as this vulnerability stuff, and does not introduce any new bugs that I am aware of. I don't want to dismiss the latest 3.x release since others are happy with it, but since I run IMail 8.15HF2, there is little in that release that enhances my immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump. Matt Marc Catuogno wrote: So since I am running 1.82 I can either allow all vulnerabilities or not I have been putting off upgrading till IMAIL and Declude are all at nice stable releases Any input on what the latest/best working combo is? Crap. Thank you! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher. I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced
Re: [Declude.Virus] Blank folding vulnerablity help
Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY OLCR ALLOWVULNERABILITY OLSPACEGAP ALLOWVULNERABILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY OLMIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test. What can I tell this person they should do to not have this e-mail get caught? I dont want to allow vulnerabilities through but. 01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00439 [base64; Length=1361 Checksum=169802] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00442 [base64; Length=101 Checksum=14316] 01/20/2006 07:25:45 Qd6c809e500d45890 File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0]
RE: [Declude.Virus] Blank folding vulnerablity help
Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY OLCR ALLOWVULNERABILITY OLSPACEGAP ALLOWVULNERABILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY OLMIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test. What can I tell this person they should do to not have this e-mail get caught? I dont want to allow vulnerabilities through but. 01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00439 [base64; Length=1361 Checksum=169802] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00442 [base64; Length=101 Checksum=14316] 01/20/2006 07:25:45 Qd6c809e500d45890 File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0]
Re: [Declude.Virus] Blank folding vulnerablity help
ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher. I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY OLCR ALLOWVULNERABILITY OLSPACEGAP ALLOWVULNERABILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY OLMIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test. What can I tell this person they should do to not have this e-mail get caught? I dont want to allow vulnerabilities through but. 01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00439 [base64; Length=1361 Checksum=169802] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00442 [base64; Length=101 Checksum=14316] 01/20/2006 07:25:45 Qd6c809e500d45890 File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0]
RE: [Declude.Virus] Blank folding vulnerablity help
So since I am running 1.82 I can either allow all vulnerabilities or not I have been putting off upgrading till IMAIL and Declude are all at nice stable releases Any input on what the latest/best working combo is? Crap. Thank you! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher. I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY OLCR ALLOWVULNERABILITY OLSPACEGAP ALLOWVULNERABILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY OLMIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test. What can I tell this person they should do to not have this e-mail get caught? I dont want to allow vulnerabilities through but. 01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00439 [base64; Length=1361 Checksum=169802] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00442 [base64; Length=101 Checksum=14316] 01/20/2006 07:25:45 Qd6c809e500d45890 File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0]
Re: [Declude.Virus] Blank folding vulnerablity help
Marc, 2.0.6.16 is as solid as any release that I have seen, and I can't see how you would have any issues with upgrading to it, nor are there any changes that must be made. The only caveat here is that you will have issues on any version of IMail later than 8.15HF2. 2.0.6.16 fixes issues present in 1.82, adds new functionality such as this vulnerability stuff, and does not introduce any new bugs that I am aware of. I don't want to dismiss the latest 3.x release since others are happy with it, but since I run IMail 8.15HF2, there is little in that release that enhances my immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump. Matt Marc Catuogno wrote: So since I am running 1.82 I can either allow all vulnerabilities or not I have been putting off upgrading till IMAIL and Declude are all at nice stable releases Any input on what the latest/best working combo is? Crap. Thank you! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher. I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY OLCR ALLOWVULNERABILITY OLSPACEGAP ALLOWVULNERABILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY OLMIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test. What can I tell this person they should do to not have this e-mail get caught? I dont want to allow vulnerabilities through but. 01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744
RE: [Declude.Virus] Blank folding vulnerablity help
Matt thanks again. I cant get a download off of the declude page other than the latest version and hot fixes for 1.76-1.82 no 2. versions at all I may venture into the 3s but I am still running IMAIL 8.15 Ive been too scared to upgrade either product lately, sad really. I used to wait about a week before jumping on an upgrade Keep hoping smarter mail will pan out, most of my users are on webmail and I hear that it is abysmal on IMAIL 2006 Sorry for the rant, but I hate I far behind I feel From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 30, 2006 9:10 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, 2.0.6.16 is as solid as any release that I have seen, and I can't see how you would have any issues with upgrading to it, nor are there any changes that must be made. The only caveat here is that you will have issues on any version of IMail later than 8.15HF2. 2.0.6.16 fixes issues present in 1.82, adds new functionality such as this vulnerability stuff, and does not introduce any new bugs that I am aware of. I don't want to dismiss the latest 3.x release since others are happy with it, but since I run IMail 8.15HF2, there is little in that release that enhances my immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump. Matt Marc Catuogno wrote: So since I am running 1.82 I can either allow all vulnerabilities or not I have been putting off upgrading till IMAIL and Declude are all at nice stable releases Any input on what the latest/best working combo is? Crap. Thank you! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher. I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY OLCR ALLOWVULNERABILITY OLSPACEGAP ALLOWVULNERABILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY OLMIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test. What can I tell this person they should do to not have this e-mail get caught? I dont want to allow vulnerabilities through but. 01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME
Re: [Declude.Virus] Blank folding vulnerablity help
Marc, I'm using SmarterMail for hosted E-mail and 2.6 isn't quite where I would like to see it. I'm not sure what the new version will offer that 2.6 doesn't, but there will certainly be refinements for Declude such as support for WHITELIST AUTH and their port 587 support will enable us to lock it down to AUTH-only connections. On the other hand, some of the things that bother me somewhat are the proprietary format of the user's mail box files (there is a mix of binary and ASCII data and they can't be hand-edited). They also don't have tools available such as IMail's ExtractUsers.exe which outputs a file with all user information and their passwords. I also have some gripes about not being able to disable things like catch-all functionality and vacation messages, and I think that some of their default settings could be better thought out such as needing to check a box when entering a forwarding address or it will leave a copy of the messages on the server. On the flip side it does have some features that are nicer than IMail 8.15 such as a better Web interface and better performance. The interface is why I switched, but I still use IMail with Declude for doing all of my scanning. As far as IMail 2006 goes, I think they are doing a good job of listening, but naturally with such a big change to their Web interface one should wait a little bit for things to become fully vetted and stable. I think they are working fast to address all known issues. I also like the idea that IMail has opted for a very open Webmail implementation so that one can do a lot of tweaking to the Interface. I still haven't tried their Webmail, but if things turn out good, I might actually switch back from SmarterMail because for me it would be better to have just one platform to support, and I desire IMail's straightforward mailbox format and flexibility in tweaking Webmail. The way that SmarterMail works by showing messages on a totally different screen than the list of messages makes it impractical for doing spam review in capture accounts (unless you want to click back for every message). Maybe they will change to a framed format in 3.0, but until they do, I have no choice but to keep IMail. I'm sure that clears a lot of things up :) Matt Marc Catuogno wrote: Matt thanks again. I cant get a download off of the declude page other than the latest version and hot fixes for 1.76-1.82 no 2. versions at all I may venture into the 3s but I am still running IMAIL 8.15 Ive been too scared to upgrade either product lately, sad really. I used to wait about a week before jumping on an upgrade Keep hoping smarter mail will pan out, most of my users are on webmail and I hear that it is abysmal on IMAIL 2006 Sorry for the rant, but I hate I far behind I feel From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 9:10 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, 2.0.6.16 is as solid as any release that I have seen, and I can't see how you would have any issues with upgrading to it, nor are there any changes that must be made. The only caveat here is that you will have issues on any version of IMail later than 8.15HF2. 2.0.6.16 fixes issues present in 1.82, adds new functionality such as this vulnerability stuff, and does not introduce any new bugs that I am aware of. I don't want to dismiss the latest 3.x release since others are happy with it, but since I run IMail 8.15HF2, there is little in that release that enhances my immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump. Matt Marc Catuogno wrote: So since I am running 1.82 I can either allow all vulnerabilities or not I have been putting off upgrading till IMAIL and Declude are all at nice stable releases Any input on what the latest/best working combo is? Crap. Thank you! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher. I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream
Re: [Declude.Virus] Blank folding vulnerablity help
Marc, One other off-topic thing. For some reason, none of my Windows 2003 DNS servers will resolve any of your DNS records. I can however resolve through other servers running on both Mac's (BSD) and Linux, I can tracert to your DNS provider's IP space from my network, and I can query directly off of your DNS provider's servers using a query tool on my desktop. I tested 4 of my Windows 2003 DNS servers at two locations and two totally different networks though with timeouts on everything, and only for your domain and skynetweb.com. It seems that your provider is blocking or otherwise selectively not responding to queries made from Windows 2003 DNS (including nslookup running on those boxes). You might want to check into this because this is probably widespread. Matt Marc Catuogno wrote: Matt thanks again. I cant get a download off of the declude page other than the latest version and hot fixes for 1.76-1.82 no 2. versions at all I may venture into the 3s but I am still running IMAIL 8.15 Ive been too scared to upgrade either product lately, sad really. I used to wait about a week before jumping on an upgrade Keep hoping smarter mail will pan out, most of my users are on webmail and I hear that it is abysmal on IMAIL 2006 Sorry for the rant, but I hate I far behind I feel From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 9:10 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, 2.0.6.16 is as solid as any release that I have seen, and I can't see how you would have any issues with upgrading to it, nor are there any changes that must be made. The only caveat here is that you will have issues on any version of IMail later than 8.15HF2. 2.0.6.16 fixes issues present in 1.82, adds new functionality such as this vulnerability stuff, and does not introduce any new bugs that I am aware of. I don't want to dismiss the latest 3.x release since others are happy with it, but since I run IMail 8.15HF2, there is little in that release that enhances my immediate use, and I am willing to wait a bit longer so that a period of stability can be established before I make the jump. Matt Marc Catuogno wrote: So since I am running 1.82 I can either allow all vulnerabilities or not I have been putting off upgrading till IMAIL and Declude are all at nice stable releases Any input on what the latest/best working combo is? Crap. Thank you! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help ALLOWVULNERABILITIESFROM came in 2.0. They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher. I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you What version of Declude is needed for these allows? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY OLCR ALLOWVULNERABILITY OLSPACEGAP ALLOWVULNERABILITY OLMIMESEGMIMEPRE ALLOWVULNERABILITY OLMIMESEGMIMEPOST ALLOWVULNERABILITY OLLONGFILENAME ALLOWVULNERABILITY OLBLANKFOLDING ALLOWVULNERABILITY OBJECTDATA ALLOWVULNERABILITY OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test. What can I tell this person they should do to not have this e-mail get caught? I dont want to allow vulnerabilities through but. 01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676
Re: [Declude.Virus] Blank Folding
Why is this mail cached by the blank folder I can't see anywhere that there are an error which should cause this The Outlook Blank Folding Vulnerability occurs when there is a line in the headers with just a single space or a single tab character. In this case: From: Eivind Pettersen [EMAIL PROTECTED] To: =?iso-8859-1?Q?Helge_B=F8e_=28E-post=29?= [EMAIL PROTECTED], Carl E. M. Flygare (E-post) [EMAIL PROTECTED], Harald Fossum (E-post) [EMAIL PROTECTED], Petter(jobb) (E-post) [EMAIL PROTECTED], =?iso-8859-1?Q?Karl_Erik_Sletteb=F8e_=28E-post=29?= [EMAIL PROTECTED], X-Declude-Sender: [EMAIL PROTECTED] [213.236.237.229] The last header (before Declude added its headers) was a line with just a single tab character. This is in violation of RFC822 3.2.3, and creates the vulnerability. Even more interesting, it appears that the mail client dropped off one of the recipients -- the last one ends with a ,, which would imply that there were more addresses that disappeared. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Blank Folding
so just a wild guess if u sent to a group of your contacts in Outlook and is has a bad adresss this can happen ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: 3. oktober 2003 15:35 To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Blank Folding Why is this mail cached by the blank folder I can't see anywhere that there are an error which should cause this The Outlook Blank Folding Vulnerability occurs when there is a line in the headers with just a single space or a single tab character. In this case: From: Eivind Pettersen [EMAIL PROTECTED] To: =?iso-8859-1?Q?Helge_B=F8e_=28E-post=29?= [EMAIL PROTECTED], Carl E. M. Flygare (E-post) [EMAIL PROTECTED], Harald Fossum (E-post) [EMAIL PROTECTED], Petter(jobb) (E-post) [EMAIL PROTECTED], =?iso-8859-1?Q?Karl_Erik_Sletteb=F8e_=28E-post=29?= [EMAIL PROTECTED], X-Declude-Sender: [EMAIL PROTECTED] [213.236.237.229] The last header (before Declude added its headers) was a line with just a single tab character. This is in violation of RFC822 3.2.3, and creates the vulnerability. Even more interesting, it appears that the mail client dropped off one of the recipients -- the last one ends with a ,, which would imply that there were more addresses that disappeared. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Blank Folding
so just a wild guess if u sent to a group of your contacts in Outlook and is has a bad adresss this can happen ? Only if the mail client is broken. The problem is that folding is used to take a long line and split it up into several smaller lines (if you have looked at Received: headers, most of them do this -- if the header starts with a space or a tab, it is a continuation of the previous line). However, with just a single space or tab, that's like taking one line and making two out of it, with the first line containing the whole line, and the second line completely blank. It just doesn't make any sense. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Blank Folding
The problem is that folding is used to take a long line and split it up into several smaller lines (if you have looked at Received: headers, most of them do this -- if the header starts with a space or a tab, it is a continuation of the previous line). However, with just a single space or tab, that's like taking one line and making two out of it, with the first line containing the whole line, and the second line completely blank. It just doesn't make any sense. -Scott thats right but if I send an email to someone this is taken automaticly to outlook and in outlook it just appeas as benny not the email address then Outlook will try to send to this contact even if there is not an email address in that contact, then this one will appear as blank and can cause this ? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Blank Folding
thats right but if I send an email to someone this is taken automaticly to outlook and in outlook it just appeas as benny not the email address then Outlook will try to send to this contact even if there is not an email address in that contact, then this one will appear as blank and can cause this ? Unfortunately, I do not know under what situations Outlook will do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Blank Folding
ok just trying to figure out why this is coming in the mail -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: 3. oktober 2003 16:52 To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Blank Folding thats right but if I send an email to someone this is taken automaticly to outlook and in outlook it just appeas as benny not the email address then Outlook will try to send to this contact even if there is not an email address in that contact, then this one will appear as blank and can cause this ? Unfortunately, I do not know under what situations Outlook will do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Blank Folding
With no email address you would normally get a no transport provider available because outlook wouldn't know what to do with it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of ISPhuset Nordic AS Sent: Friday, October 03, 2003 9:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Blank Folding The problem is that folding is used to take a long line and split it up into several smaller lines (if you have looked at Received: headers, most of them do this -- if the header starts with a space or a tab, it is a continuation of the previous line). However, with just a single space or tab, that's like taking one line and making two out of it, with the first line containing the whole line, and the second line completely blank. It just doesn't make any sense. -Scott thats right but if I send an email to someone this is taken automaticly to outlook and in outlook it just appeas as benny not the email address then Outlook will try to send to this contact even if there is not an email address in that contact, then this one will appear as blank and can cause this ? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.