>Could you give us a little more information on *what* new >vulnerabilities are being detected?
The two new ones that are detected as vulnerabilities are the Outlook "Space Gap" vulnerability (actually several vulnerabilities rolled into one description) and the Outlook "Long Boundary" vulnerability. Both of these recently discovered vulnerabilities allow viruses to be sent to Outlook, while bypassing many mailserver virus scanners. The "numerous" part refers to vulnerabilities that Declude Virus won't detect as vulnerabilities, but instead will detect properly as viruses. That means that an E-mail using these vulnerabilities will only get caught if it contains an actual virus (which prevents false positives, such as the spammers that send E-mail with the Outlook "Blank Folding" vulnerability). These include all sorts of tricks that could be used by viruses, such as adding an "0x00" (NUL) character in the middle of a MIME segment, using invalid characters in base64 encoding that Outlook will treat as valid characters, using lines in MIME segments that are longer than allowed, and so forth. There are no known viruses that actually use any of these vulnerabilities. However, we wanted to be proactive and be prepared in case there are any (which is likely). A lot of this is based on a set of over 200 test files that were created by http://www.av-test.org . Declude Virus v1.61 will catch every file that they have that [1] contains the eicar.com file and [2] at least one mail client is known to be able to extract it. They include several test files that do not include the eicar.com file (which Declude Virus handles appropriately), as well as a number of invalid files that are not known to be "openable" in any mail client (many of which Declude Virus will catch, others it will not, but there is no indication that there is a need for them to be caught). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
