Um, no making fun here - I opened it. I thought it was just spam someone
forwarded it to my spam account. I didn't find the Trojan downloader on my
PC. I'm ASSUMING that you have to hit the "check prices" macro button as no
macro seemed to auto-execute...
I just downloaded the intelligent updat
I have added the request to the wish list. We are focusing on replicating
problems and fixing items from the list I had posted earlier last week. We
are looking to do a release Thursday 8 July it is currently under going
testing. This is all obviously subject to change just trying to keep you
infor
Marc, check the contents of your c:\ for 666INSE_1.EXE as this is the
dropper file that the macro drops. If it's there, the macro was
executed, and the dropper has probably also download further malware.
Modern versions of Office will, by default, not execute the macro so you
might be safe.
I do
Hi John:
I have received 3 of these that are not in zip files.
My_new_comp.doc
About_me.doc
Hp_laptops.doc
All are similar in concept:
With the following in the body and different subjects. Name after hello is
also different.
---
Hello Cristian Asanachescu
Regards
David,
I'm just wondering about the issue with the invalid characters in the
Mail From's that caused massive spam leakage almost a month ago. Is
this too supposed to be fixed?
I'm also very, very curious about the other bugs such as long base 64
encoding causing Declude Virus to fail decodi
Matt -
Thanks for keeping track of all of this for the rest of us.
Rob
-Original Message-
David,
I'm just wondering about the issue with the invalid characters in the Mail
From's that caused massive spam leakage almost a month ago. Is this too
supposed to be fixed?
I'm also very, ve
Matt,
Headers not using proper CRLF line breaks is currently being tested using
the new vulnerability NONSTANDARDCRLF test.
As for these items they are on the list for engineers to confirm and test
and fix if they are bugs.
1. Invalid characters in the Mail FROM
2. Long base 64 encoding causing
David,
The CRLF thing doesn't affect me since I have my own solution, however
for those that use Subject tagging, adding another test won't help
unless they decide to just simply delete such messages. The header
boundary could be programatically determined with a great deal of ease
(a simple
All of these issues are why I am still on version 2.x.x as well. I have
been waiting for their resolution for some time while patiently paying my
support fee's.
At 01:48 PM 6/28/2006 -0400, you wrote:
>David,
>
>I'm just wondering about the issue with the invalid characters in the
>Mail From's
Matt,
The CRLF problem has more to do with the email server and not Declude,
emails that are so badly broken should be either rejected by the email
server or these headers should be standardized by the email server.
Eitherway this is a much more complex issue than you make it out to be, by
just f
David,
>From my point of view, the problem with that response is that if Imail
handle all the issues presented by abnormal mail messages, we would not need
Declude. Imail handles normal messages just fine. If it were not for viruses
and spammers, we would not see these problems. We got Declude to
Folk -
Chiming in here on the CRLF issue. For many months, David R (Rocqa?) from
Declude sent me versions to test that were attempting to fix this issue.
None solved the problem (we probably tested four or five versions), but
never once did he or anybody point a finger at the email server.
It i
Back to the matter indicated in the subject line, how are others dealing
with this?
Is F-Prot and AVG and others catching this now?
Which AV scanners are indeed catching it?
Now for the bigger question: How do we combat this and future such versions
without outright blocking of the file extensio
David,
Mail servers have absolutely no requirement to inspect the contents of
the data. This is Declude's job to do. Additionally, most mail clients
do support both the CR flaw as well as the long base64 encoding flaw,
so anything making it past Declude due to the holes created by these
bu
as every instance we have seen of this has been invalid email.
I certainly regularly receive incorrectly formatted email. I'm pretty small
volumne, but looking over my logs (I have an external test for this
condition), it is 111 non-spam messages this month.
My email volume is pretty low. Bu
John,
CLAMAV is catching it on my systems.
Darrell
---
fpReview - Review held mail easily and quickly.
http://www.invariantsystems.com
John T (Lists) writes:
Back to the matter indicated in the subject line, how are others dealing
with this?
Is
John,
I think that F-prot now is getting it.
Subject: Declude Virus caught a virus
X-Mailer:
X-Declude-Sender: postmaster [127.0.0.1]
X-Note: Spam Score: 0
X-Note: SMTP Sender: postmaster
X-Note: Reverse DNS & IP: (Private IP) [127.0.0.1]
X-Country-Chain:
X-Note: To: nclife.com
X-RCPT-TO: <[EMA
I haven't seen any yet; I don't know if F-Prot is catching them.
>From the published information at the antivirus vendors' sites, I'm
using the BANNAME feature, e.g.
BANNAME My_Notebook.doc
And further, I catch most of the viruses as junkmail because they
typically come from zombie machines, so
I don't know where that ">" character in front of my From sentence came
from. The first character on that line should have been an "F".
It must be some kind of weird auto-quoting software; that character is
not in the email that I sent.
Andrew 8)
> -Original Message-
> From: [EMAIL P
Sure it is not some form or the Pebcak virus Andrew?
Sorry, couldn't resist. I needed the laugh.
;-)>
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Colbeck,
> Andrew
> Sent: Wednesday, June 28
20 matches
Mail list logo