I turned if off and it still got through.
Test #17: Eicar virus hidden using the CR Vulnerability (attachment can be
opened by all versions of Microsoft Outlook and Outlook Express)
RSP I just checked this one, and it got through here, too. I examined the raw
RSP source of the E-mail, and there
: Monday, December 20, 2004 1:48 PM
To: Declude.Virus@declude.com
Subject: Re[8]: [Declude.Virus] testvirus.org #22
I turned if off and it still got through.
Test #17: Eicar virus hidden using the CR Vulnerability (attachment
can be opened by all versions of Microsoft Outlook and Outlook
Express)
RSP
Also, does Declude recursively unpack MIME segments, if one of the
attachments is itself a .eml file or .smd file, would any attachments
inside it be unpacked and the scanner(s) called on those?
Yes.
-Scott
---
Declude JunkMail: The advanced
- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, December 20, 2004 1:57 PM
Subject: RE: Re[8]: [Declude.Virus] testvirus.org #22
Ditto. I thought Declude called the scanner(s) on the d*.smd,
plus extracted all the segments out
Scott, what do you get for test #22. Some have reported it caught
while others haven't. My F-Prot config is:
It's caught here.
Unfortunately, I can't find any information on that vulnerability, so I
can't explain why it might or might not get caught.
]: [Declude.Virus] testvirus.org #22
Also, does Declude recursively unpack MIME segments, if one of the
attachments is itself a .eml file or .smd file, would any attachments
inside it be unpacked and the scanner(s) called on those?
Yes.
-Scott
---
Declude
