We have a client that had an e-mail caught by Declude Virus because of what it refers to as the "[Outlook 'MIME segment in MIME Preamble' Vulnerability] " virus.
Can someone tell me more about this "virus"? Am I correct in assuming that this is not specifically a virus as much as it is a vulnerability which could indicate a virus?
That is correct, a vulnerability is not necessarily a virus. In this case, it means that the virus scanner did not detect a virus (or else the name of the virus would be shown), but instead an E-mail was detected with a vulnerability (that could be a new virus, or one that is not possible to detect except as a vulnerability).
Is it common practice to block for these or is this something that can be safely passed through?
Although today about 99% do not contain viruses, tomorrow that could change to 10% or less. It is safe to let it through *if* you know that it does not contain a virus. But, given that the E-mail contains a vulnerability, it is even harder to tell if it has a virus.
The best option is always to force the sender to fix the problem on their end.
Is there any way to fix this from the sender's side?
Yes -- that's the only way to fix the problem. In almost all cases, upgrading the software they use to send the E-mail is necessary.
Note that any up-to-date mailserver AV program should block these vulnerabilities, so it is definitely in the best interest of the sender to fix the problem.
-Scott
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
