Hi Ferrell, I can assure you that the MIME segment in MIME Postamble Vulnerability is triggering correctly.
This vulnerability occurs when it appears as though a MIME segment is occurring after the end of the MIME body (specifically, a MIME segment with a boundary other than the one specified appears in the MIME postamble). Outlook may see this as an attachment. Although technically valid, there is no legitimate reason for an E-mail to be sent like this. When a virus uses this type of vulnerability, it will bypass a standard mail server virus scanner, and get delivered to the recipient. You have several options: 1. Disable the MIME segment in MIME Postamble Vulnerability check altogether. In the virus.cfg ALLOWVULNERABILITY MIMESEGMIMEPOST 2. Allow all vulnerabilities FROM a specific email address or domain ALLOWVULNERABILITIESFROM [email protected] 3. Allow all vulnerabilities TO a specific email address or domain ALLOWVULNERABILITIESTO [email protected] Unfortunately there is not a way to allow an IP range. David -----Original Message----- From: Ferrell Ard [mailto:[email protected]] Sent: Thursday, November 03, 2011 9:02 AM To: [email protected] Subject: [Declude.JunkMail] MIME segment in MIME Postamble We are seeing quite a few email's being caught as VIRUS by X-Declude-Virus: Detected [Outlook 'MIME segment in MIME Postamble' Vulnerability] [from IP 173.227.130.61 (mail.politics1.com)]. The email DOES have (at the end) --------------Boundary-00=_TY255O4SHK9FB43NIKKB-- --------------Boundary-00=_TY25HSX59YWNJLA59R1V-- Is there a way to ALLOW this from a given IP range? ex 173.227.130.0 255.255.255.0 Thanks very much Ferrell Ard --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
