Lyndon,

I'm pretty sure that this is a bug in the detection of that particular vulnerability, and at the time I had tracked that down to a repeatable condition associated with MIMEsweeper. The pattern itself I believe is compliant in this case, and Declude could probably fix the issue without affecting other accurate hits on this vulnerability. As I had pointed out, it is probably a simple mistake in not defolding the headers properly for that check.

Nevertheless, personally I have never seen something actually exploit this vulnerability, though there were certainly malformed spams that would trigger it. Declude introduced the ability to disable certain vulnerabilities in 2.0.6+ and I disabled this as well as many other vulnerabilities. I believe that many of these vulnerabilities have long since been patched and most have never been exploited and are now past their usefulness. They do though of course catch spam, but I prefer to let JunkMail do the spam blocking instead of Virus.

You can disable this by adding "ALLOWVULNERABILITY OLBOUNDARYSPACEGAP" to your virus.cfg if you wish. Declude would also be well served by fixing the issue since this is a default setting and it will block messages from legitimate servers unbeknownst to most admins.

Matt



Lyndon Eaton wrote:

Hello All,

I've been searching the archives to do with false positives with the
Outlook Boundary Space Gap vulnerability, and found a post
(http://www.mail-archive.com/[email protected]/msg12093.html)
that seems to cover the same problem as I've found, whereby the senders
use Outlook > Exchange and then MIMEsweeper, and Declude detects the
OBSGV.

The post mentions Outlook using a TAB to fold headers, and MIMEsweeper
replacing this with 4 spaces. Although this does not seem to be breaking
a specific RFC, would people view this as sloppy coding on Clearswift's
part, or Declude incorrectly detecting an OBSGV?

Regards,
Lyndon.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
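
The folding difference discussed in this thread, as an added example that is not part of either message and is not Declude's or MIMEsweeper's code: the same Content-Type header folded with a TAB and with four spaces yields the same boundary once the header is unfolded, while a check run on the physical lines treats the two differently. The sample headers are constructed, and `naive_raw_check` is a hypothetical stand-in for a check that skips defolding.

```python
import re
from email import message_from_string
from typing import List, Optional

# Constructed sample: one Content-Type header, folded with a TAB.
TAB_FOLDED = (
    'Content-Type: multipart/mixed;\r\n'
    '\tboundary="----=_NextPart_000_0001"\r\n'
    'Subject: test\r\n\r\n'
)
# The same header after the folding TAB has been rewritten as four spaces.
SPACE_FOLDED = TAB_FOLDED.replace('\r\n\t', '\r\n    ')

def unfold(raw_headers: str) -> List[str]:
    """RFC 5322 unfolding: remove each CRLF that is followed by SP or TAB."""
    header_block = raw_headers.split('\r\n\r\n', 1)[0]
    return re.sub(r'\r\n(?=[ \t])', '', header_block).split('\r\n')

def boundary_of(raw_headers: str) -> Optional[str]:
    """Read the boundary parameter from the unfolded Content-Type field."""
    for line in unfold(raw_headers):
        name, _, value = line.partition(':')
        if name.strip().lower() != 'content-type':
            continue
        m = re.search(r';\s*boundary\s*=\s*(?:"([^"]*)"|([^;\s]+))', value, re.I)
        if m:
            return m.group(1) if m.group(1) is not None else m.group(2)
    return None

def stdlib_boundary(raw_headers: str) -> Optional[str]:
    """Cross-check with the standard library's MIME parser."""
    return message_from_string(raw_headers).get_boundary()

def naive_raw_check(raw_headers: str) -> bool:
    """Hypothetical check on physical lines (an assumption for illustration):
    flags a continuation line that starts with 2+ spaces before 'boundary='."""
    return any(re.match(r' {2,}boundary=', line, re.I)
               for line in raw_headers.split('\r\n'))

if __name__ == '__main__':
    for label, raw in (('TAB fold', TAB_FOLDED), ('4-space fold', SPACE_FOLDED)):
        print(label, '| boundary:', boundary_of(raw),
              '| stdlib:', stdlib_boundary(raw),
              '| raw-line check flags:', naive_raw_check(raw))
```

Both inputs describe the same header field, so a check that runs after `unfold` sees no difference between them; only the raw-line check separates the two.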

