RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
I reported this to declude. They are working on it. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, October 04, 2007 6:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi, I put in 4.3.62 in this afternoon (was running a different interim from a few months ago). Since then I had numerous different clients reporting clients with Outlook 'MIME segment in MIME postamble' Vulnerability. Valid emails from Lotus Notes 6 with attachments were rejected (reproducible at will), messages from Yahoo Webmail, etc. If a change was made that triggers this test for major mailers, then it's worthless because no one can keep it on! -Original Message Headers- Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by Mail.Webhost.HM-Software.com (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400 Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21 - X-YMail-OSG: gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg-- Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via HTTP; Thu, 04 Oct 2007 15:23:21 PDT X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134 Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT) From: Dorene D Robinson [EMAIL PROTECTED] Subject: Fw: Our Virus Firewall has Rejected Your Email! To: Michael Page [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=0-1745477977-1191536601=:15605 Message-ID: [EMAIL PROTECTED] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Hi Kevin, thanks. To save me and my customers frustration - is it limited to that one vulnerability - or are other's involved that I should disable proactively (or reverse to the previous build)? Best Regards, Andy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Friday, October 05, 2007 3:15 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties I reported this to declude. They are working on it. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, October 04, 2007 6:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi, I put in 4.3.62 in this afternoon (was running a different interim from a few months ago). Since then I had numerous different clients reporting clients with Outlook 'MIME segment in MIME postamble' Vulnerability. Valid emails from Lotus Notes 6 with attachments were rejected (reproducible at will), messages from Yahoo Webmail, etc. If a change was made that triggers this test for major mailers, then it's worthless because no one can keep it on! -Original Message Headers- Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by Mail.Webhost.HM-Software.com (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400 Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21 - X-YMail-OSG: gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg-- Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via HTTP; Thu, 04 Oct 2007 15:23:21 PDT X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134 Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT) From: Dorene D Robinson [EMAIL PROTECTED] Subject: Fw: Our Virus Firewall has Rejected Your Email! To: Michael Page [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=0-1745477977-1191536601=:15605 Message-ID: [EMAIL PROTECTED] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
We are looking into this code, are you sure it is 4.3.62 and not a change with YahooMailWebService? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, October 04, 2007 9:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi, I put in 4.3.62 in this afternoon (was running a different interim from a few months ago). Since then I had numerous different clients reporting clients with Outlook 'MIME segment in MIME postamble' Vulnerability. Valid emails from Lotus Notes 6 with attachments were rejected (reproducible at will), messages from Yahoo Webmail, etc. If a change was made that triggers this test for major mailers, then it's worthless because no one can keep it on! -Original Message Headers- Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by Mail.Webhost.HM-Software.com (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400 Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21 - X-YMail-OSG: gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg-- Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via HTTP; Thu, 04 Oct 2007 15:23:21 PDT X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134 Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT) From: Dorene D Robinson [EMAIL PROTECTED] Subject: Fw: Our Virus Firewall has Rejected Your Email! To: Michael Page [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=0-1745477977-1191536601=:15605 Message-ID: [EMAIL PROTECTED] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Hi Dave, Well, I dropped in 4.3.62 in the afternoon and throughout the afternoon was getting reports from people using VARIOUS email systems (not limited to Yahoo's mail service), that just happened to be the one that I had at my finger tips. I can also say that it happened to people sending mail from Lotus Notes 6. I worked with the Tech Guy at the client's client and he tried to send me simply emails with a zip or PDF attachment and nothing got past 4.3.62. File: [No attachment] Result: Found[Outlook 'MIME segment in MIME Postamble' Vulnerability] -Original Message Headers- Received: from DOMSVR1.L***.COM [***.26.122.219] by Mail.Webhost.HM-Software.com with ESMTP (SMTPD-9.21) id A46A0358; Thu, 04 Oct 2007 14:43:54 -0400 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Riverside Quote P/N: 147329 MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005 Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Date: Thu, 4 Oct 2007 13:43:36 -0500 X-MIMETrack: Serialize by Router on DOMSVR1/domino(Release 6.5.6|March 06, 2007) at 10/04/2007 13:43:38 Content-Type: multipart/mixed; boundary==_mixed 0066DE538625736A_= --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
I did not have this problem with .57. So we can rule out .46. Sorry, jumped right from .57 to .62 - so can't say if it was introduced with .59 already. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 10:49 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok, we are working on the issue, can you replicate it with an earlier version of Declude like .46 or .59 ? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Our previous version is 4.3.46 and it work fine except for the Outlook space Gap Issue. I have not loaded any of the other interims to be able to test them. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 7:49 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok, we are working on the issue, can you replicate it with an earlier version of Declude like .46 or .59 ? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 10:45 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi Dave, Well, I dropped in 4.3.62 in the afternoon and throughout the afternoon was getting reports from people using VARIOUS email systems (not limited to Yahoo's mail service), that just happened to be the one that I had at my finger tips. I can also say that it happened to people sending mail from Lotus Notes 6. I worked with the Tech Guy at the client's client and he tried to send me simply emails with a zip or PDF attachment and nothing got past 4.3.62. File: [No attachment] Result: Found[Outlook 'MIME segment in MIME Postamble' Vulnerability] -Original Message Headers- Received: from DOMSVR1.L***.COM [***.26.122.219] by Mail.Webhost.HM-Software.com with ESMTP (SMTPD-9.21) id A46A0358; Thu, 04 Oct 2007 14:43:54 -0400 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Riverside Quote P/N: 147329 MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005 Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Date: Thu, 4 Oct 2007 13:43:36 -0500 X-MIMETrack: Serialize by Router on DOMSVR1/domino(Release 6.5.6|March 06, 2007) at 10/04/2007 13:43:38 Content-Type: multipart/mixed; boundary==_mixed 0066DE538625736A_= --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Ok so if you revert to .57 the issue goes away correct. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 11:18 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties I did not have this problem with .57. So we can rule out .46. Sorry, jumped right from .57 to .62 - so can't say if it was introduced with .59 already. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 10:49 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok, we are working on the issue, can you replicate it with an earlier version of Declude like .46 or .59 ? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
I have not reverted to .57, I have disabled this vulnerability in the Virus.cfg for now to see what other issues I might uncover. (There was a false positive reported last night for a different vulnerability for mail send by Netscapes mail applet, but I haven't firmed that one up yet). If you like me to, I have an archive of held Postamble MIME files that are LEGITIMATE (some of them are automatically created emails that our clients used to get all the time) and zip them up to you? If so, which email do you want me to use? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 11:27 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok so if you revert to .57 the issue goes away correct. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 11:18 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties I did not have this problem with .57. So we can rule out .46. Sorry, jumped right from .57 to .62 - so can't say if it was introduced with .59 already. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 10:49 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok, we are working on the issue, can you replicate it with an earlier version of Declude like .46 or .59 ? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Send them directly to me. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 12:15 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties I have not reverted to .57, I have disabled this vulnerability in the Virus.cfg for now to see what other issues I might uncover. (There was a false positive reported last night for a different vulnerability for mail send by Netscapes mail applet, but I haven't firmed that one up yet). If you like me to, I have an archive of held Postamble MIME files that are LEGITIMATE (some of them are automatically created emails that our clients used to get all the time) and zip them up to you? If so, which email do you want me to use? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 11:27 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok so if you revert to .57 the issue goes away correct. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 11:18 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties I did not have this problem with .57. So we can rule out .46. Sorry, jumped right from .57 to .62 - so can't say if it was introduced with .59 already. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 10:49 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok, we are working on the issue, can you replicate it with an earlier version of Declude like .46 or .59 ? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Dave, The Blank Folding Vulnerability is ALSO causing false positives (but not as many as the Postamble one). I'll send you ANOTHER email with Blank Folding false positives in about 5 minutes. I have to back this release out - something majorly wrong with it. Best Regards, Andy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, October 04, 2007 9:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi, I put in 4.3.62 in this afternoon (was running a different interim from a few months ago). Since then I had numerous different clients reporting clients with Outlook 'MIME segment in MIME postamble' Vulnerability. Valid emails from Lotus Notes 6 with attachments were rejected (reproducible at will), messages from Yahoo Webmail, etc. If a change was made that triggers this test for major mailers, then it's worthless because no one can keep it on! -Original Message Headers- Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by Mail.Webhost.HM-Software.com (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400 Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21 - X-YMail-OSG: gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg-- Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via HTTP; Thu, 04 Oct 2007 15:23:21 PDT X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134 Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT) From: Dorene D Robinson [EMAIL PROTECTED] Subject: Fw: Our Virus Firewall has Rejected Your Email! To: Michael Page [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=0-1745477977-1191536601=:15605 Message-ID: [EMAIL PROTECTED] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Thanks for the feedback we are looking at it as #1 priority at the moment. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 2:09 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Dave, The Blank Folding Vulnerability is ALSO causing false positives (but not as many as the Postamble one). I'll send you ANOTHER email with Blank Folding false positives in about 5 minutes. I have to back this release out - something majorly wrong with it. Best Regards, Andy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, October 04, 2007 9:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi, I put in 4.3.62 in this afternoon (was running a different interim from a few months ago). Since then I had numerous different clients reporting clients with Outlook 'MIME segment in MIME postamble' Vulnerability. Valid emails from Lotus Notes 6 with attachments were rejected (reproducible at will), messages from Yahoo Webmail, etc. If a change was made that triggers this test for major mailers, then it's worthless because no one can keep it on! -Original Message Headers- Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by Mail.Webhost.HM-Software.com (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400 Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21 - X-YMail-OSG: gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg-- Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via HTTP; Thu, 04 Oct 2007 15:23:21 PDT X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134 Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT) From: Dorene D Robinson [EMAIL PROTECTED] Subject: Fw: Our Virus Firewall has Rejected Your Email! To: Michael Page [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=0-1745477977-1191536601=:15605 Message-ID: [EMAIL PROTECTED] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties
I reverted to .57 and had someone resent an email with Attachment from Lotus Notes and this time it went through. So - the answer is yes, the problem goes away with .57. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 11:27 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok so if you revert to .57 the issue goes away correct. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 11:18 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties I did not have this problem with .57. So we can rule out .46. Sorry, jumped right from .57 to .62 - so can't say if it was introduced with .59 already. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 10:49 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok, we are working on the issue, can you replicate it with an earlier version of Declude like .46 or .59 ? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] 4.3.62 countless false positives for vulnerabilties
Hi, I put in 4.3.62 in this afternoon (was running a different interim from a few months ago). Since then I had numerous different clients reporting clients with Outlook 'MIME segment in MIME postamble' Vulnerability. Valid emails from Lotus Notes 6 with attachments were rejected (reproducible at will), messages from Yahoo Webmail, etc. If a change was made that triggers this test for major mailers, then it's worthless because no one can keep it on! -Original Message Headers- Received: from web54307.mail.re2.yahoo.com [206.190.49.117] by Mail.Webhost.HM-Software.com (SMTPD-9.21) id A7D90348; Thu, 04 Oct 2007 18:23:21 -0400 Received: (qmail 16141 invoked by uid 60001); 4 Oct 2007 22:23:21 - X-YMail-OSG: gMjlzJ8VM1kitP0O1BmKwo27pVtlLBqWelr5JqstaE0yZq5YNhiYJacdUZWYkR9IjJ6G5P haJ4H_VqsBIIjZqitJIsJEP6cL7GEoJN4Oqb_aWbnemUc3IZbdqDlDjg-- Received: from [69.147.97.215] by web54307.mail.re2.yahoo.com via HTTP; Thu, 04 Oct 2007 15:23:21 PDT X-Mailer: YahooMailRC/651.50 YahooMailWebService/0.7.134 Date: Thu, 4 Oct 2007 15:23:21 -0700 (PDT) From: Dorene D Robinson [EMAIL PROTECTED] Subject: Fw: Our Virus Firewall has Rejected Your Email! To: Michael Page [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=0-1745477977-1191536601=:15605 Message-ID: [EMAIL PROTECTED] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
