I'm going to check to see exactly what Declude Virus is doing in this
case, to make sure that it is handling the situation properly.
Actually, 1.63 will identify any filename mismatch as a problem, and
convert it to an .exe. The next release will change that behavior to only
catch filenames
Is there a link I can go to to get more information on this vulnerability?
I installed 1.63beta this morning and two messages were caught with this
vulnerability. I took a look at the messages and here is what happened. The
user (using a macintosh and Netscape 4.74) forwarded the message (that
How is the new beta performing?
Any problems?
Thanks,
Doug
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
For what it's worth, this happened here today too:
11/27/2002 12:19:11 Qfe8d396 MIME file: [text/html][7bit; Length=6927
Checksum=581128]
11/27/2002 12:19:11 Qfe8d396 Found file with mismatched extensions
[Nov-Dec-Ja-Nov-Dec-Ja]; assuming .exe
11/27/2002 12:19:11 Qfe8d396 Got disp
Scott, does this warrant a rollback or is a fix on its way out?
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
Is there a link I can go to to get more information on this vulnerability?
No, it was just added to the 1.63 beta.
It is designed to catch E-mails with a MIME segment that contain two
different types of encoding (only one type of encoding can be used in a
MIME segment). 1.63 may have false
For what it's worth, this happened here today too:
11/27/2002 12:19:11 Qfe8d396 Found file with mismatched extensions
[Nov-Dec-Ja-Nov-Dec-Ja]; assuming .exe
It sounds it is probably the same issue (a broken mail client splitting the
name in one location but not another, changing the actual
Scott, does this warrant a rollback or is a fix on its way out?
It only affects broken mail clients, so I personally don't see it as
warranting a rollback. The interim release takes care of the issue.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus
My log files are still about 50Mb daily even after the LOG_OK NONE option.
Is that version related?
Thanks,
Doug
I have my logging set to LOW but my log files are still about 40-50Mb
per day. We do process about 100K emails.
What is the appropriate way to handle such a volume of info and not
How many e-mails are you processing and how many viruses are you catching?
Can you post a snippet of the log?
What is LOGLEVEL set to?
Try setting to LOW.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original
10 matches
Mail list logo
