Scott,
Thanks for the information. I have just one more question on this. You
said that the MIME vulnerability is because of a misconfigured email client.
Does that mean that even though my user is receiving getting these from a
listserv, that one of the senders to that listserv is misconfigured (not the
listserv itself)? Secondly, I'm not sure where one would fix this on the
client end. Could you give me an example for Outlook Express or something???
I really appreciate all your help.
Jim
----- Original Message -----
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 19, 2002 12:35 PM
Subject: Re: [Declude.Virus] MIME
>
> > I know that this has probably been covered before but I have
received a
> >message from one of users that email is unnecessarily picking up a virus.
> >She was sent a message from the Postmaster of another site stating that
> >their machine is virus free and that we were possibly running our virus
> >scanner at "too high a level". I'm not sure if there is too high a level,
> >but the message sent back to him contained:
> >
> >The Declude Virus software on our mail server detected the [Outlook 'MIME
> > > segment in MIME Preamble' Vulnerability]
>
> The key here isn't a "level" -- the user is sending an E-mail that
contains
> a vulnerability.
>
> > I'm really not sure what I can tell him about this and I've looked
in
> >the virus.cfg file to see if something was written specifically for this.
> >Could someone, please, enlighten me or make some suggestions?? Thanks.
>
> This is a newly discovered vulnerability where (guess what?) Outlook will
> gladly accept attachments that are sent in a location that they aren't
> supposed to be sent (in the "MIME preamble"). The RFCs do NOT allow
E-mail
> to be sent in this way, and since such E-mail can contain a virus that
> can't be scanned, it is treated as a vulnerability. The person sending it
> needs to fix their mail client.
> -Scott
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
