Hi Ferrell, I can assure you that the MIME segment in MIME Postamble Vulnerability is triggering correctly.
This vulnerability occurs when it appears as though a MIME segment is occurring after the end of the MIME body (specifically, a MIME segment with a boundary other than the one specified appears in the MIME postamble). Outlook may see this as an attachment. Although technically valid, there is no legitimate reason for an E-mail to be sent like this. When a virus uses this type of vulnerability, it will bypass a standard mail server virus scanner, and get delivered to the recipient. You have several options: 1. Disable the MIME segment in MIME Postamble Vulnerability check altogether. In the virus.cfg ALLOWVULNERABILITY MIMESEGMIMEPOST 2. Allow all vulnerabilities FROM a specific email address or domain ALLOWVULNERABILITIESFROM exam...@example.com 3. Allow all vulnerabilities TO a specific email address or domain ALLOWVULNERABILITIESTO exam...@example.com Unfortunately there is not a way to allow an IP range. David -----Original Message----- From: Ferrell Ard [mailto:ferr...@badpuppy.com] Sent: Thursday, November 03, 2011 9:02 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] MIME segment in MIME Postamble We are seeing quite a few email's being caught as VIRUS by X-Declude-Virus: Detected [Outlook 'MIME segment in MIME Postamble' Vulnerability] [from IP 173.227.130.61 (mail.politics1.com)]. The email DOES have (at the end) --------------Boundary-00=_TY255O4SHK9FB43NIKKB-- --------------Boundary-00=_TY25HSX59YWNJLA59R1V-- Is there a way to ALLOW this from a given IP range? ex 173.227.130.0 255.255.255.0 Thanks very much Ferrell Ard --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
