Is there a way for Declude to stop checking for the GDI Vulnerability and
rely on F-Prot?
I went to 1.8 and we found that MANY JPG photos were being caught as false
positives.
Mark Smith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
Can we advise anyone sending pictures from a MAC to zip them? Change the
extension? Would either solution bypass the scanning?
Changing the extension or zipping them would bypass the scanning.
-Scott
---
Declude JunkMail: The advanced anti-spam
Of R. Scott Perry
Sent: Thursday, September 30, 2004 7:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] GDI false Postive
Is there a way for Declude to stop checking for the GDI
Vulnerability
and rely on F-Prot?
Yes, you can go back to 1.79
When you release next fix, can you add the ability to disable this test from
inside of declude and rely on the AV software?
We probably will, but there should be no legitimate reason for JPEGs to
contain the exploit.
The issue is that Microsoft's algorithm for detecting them was bad. Our
, September 30, 2004 10:21 AM
Subject: RE: [Declude.Virus] GDI false Postive
When you release next fix, can you add the ability to disable this test
from
inside of declude and rely on the AV software?
We probably will, but there should be no legitimate reason for JPEGs to
contain the exploit
How about adding per domain too.. for the pro..
ie, in virus_domains.txt do:
DOMAINON / OFF / INONLY / OUTONLY
ADD:
DOMAIN FILEX.CFG
and in x.cfg have the standard:
Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete options,
which overwrite the standard
How about adding per domain too.. for the pro..
DOMAIN FILEX.CFG
and in x.cfg have the standard:
Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete
options, which overwrite the standard
settings in virus.cfg just for that domain.
We do have enhanced
R. Scott Perry wrote:
We probably will, but there should be no legitimate reason for JPEGs
to contain the exploit.
The issue is that Microsoft's algorithm for detecting them was bad.
Our algorithm should be perfect.
If you provided a switch for all such vulnerabilities, then we wouldn't
have
PROTECTED]
Sent: Thursday, September 30, 2004 4:41 PM
Subject: Re: [Declude.Virus] GDI false Postive
How about adding per domain too.. for the pro..
DOMAIN FILEX.CFG
and in x.cfg have the standard:
Skipext, Banext, Prescan, Ban Options, Footer, Delivererrors,Delete
options, which
And not to upset anyone, how long does it take
it to make it to production or beta?
I noticed this has been in the Suggestion Database for
almost two years.
It is important to realize that the suggestion database is not a list of
features for the next release. It is as the name implies -- a
Is there a test yet? I would really like to know if we are atleast
protected by email.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 2:21 PM
Subject: Re: [Declude.Virus] GDI false Postive
And not to upset anyone
I had a JPG held by declude as:
X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability].
However, this was a JPG sent from one of my users to another. I seriously
doubt it was infected with anything. The only thing was that it was sent
from a MAC.
User-Agent:
I had a JPG held by declude as:
X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability].
However, this was a JPG sent from one of my users to another.
I seriously doubt it was infected with anything. The only
thing was that it was sent from a MAC.
After looking in the
For example there is a message showing up in the logfile as
09/29/2004 16:02:55 Qc07307e2007404eb [Microsoft GDIPlus.DLL JPEG
Vulnerability]
09/29/2004 16:02:55 Qc07307e2007404eb [Microsoft GDIPlus.DLL JPEG
Vulnerability]
09/29/2004 16:02:55 Qc07307e2007404eb [Microsoft GDIPlus.DLL JPEG
]
Subject: Re: [Declude.Virus] GDI false Postive
I had a JPG held by declude as:
X-Declude-Virus: Detected [Microsoft GDIPlus.DLL JPEG Vulnerability].
However, this was a JPG sent from one of my users to another. I seriously
doubt it was infected with anything. The only thing was that it was sent
Sent a test message with jpg attached from Macintosh Entourage 11.0.0
(040405) and it was not caught.
Mike
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
16 matches
Mail list logo