Can somebody tell me what this vulnerability is as I do not see it listed in
the Declude Virus site nor have I seen it discussed here. This is also the
first time I have seen this specific vulnerability caught.

This vulnerability occurs when the headers of an E-mail claim that two or more different encoding types are used. A MIME segment can only be encoded in one way, so if there is more than one encoding type listed, it is possible that the mailserver virus scanner and the mail client will use different decoding methods on the E-mail. If this happens, a virus could bypass virus scanning on the mailserver.


My concern in this case is that it came from a Canadian Government site
using Lyris Listmanager which is a product we are also using. Is this
information that should be forwarded on to the Lyris developers, or is it
specific to a version of Lyris and the site just needs to upgrade?

It definitely would be worth contacting Lyris (we can provide them with assistance in fixing the problem if necessary). The problem can be seen in these three headers:


Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

The first header says that the E-mail is using the "8bit" encoding method, but the third header says that it is using the "quoted-printable" encoding method. If Declude Virus were to assume that it was using the 8bit encoding, it could use the quoted-printable encoding to embed a virus that Declude Virus would not be able to see.


-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
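
Added example, not part of the original thread and not Declude's code: a Python check that flags any MIME part declaring conflicting Content-Transfer-Encoding headers, and shows how the same body reads under each declared encoding. The sample message, its addresses and its marker body are constructed for illustration.

```python
import email
import quopri

# Constructed sample: the three headers quoted in the message above, plus a
# constructed body whose bytes differ under the two declared encodings.
SAMPLE = (
    b"From: list@example.org\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Transfer-Encoding: 8bit\r\n"
    b'Content-Type: text/plain; charset="UTF-8"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"marker: =48=49=44=44=45=4E\r\n"
)


def conflicting_encodings(raw: bytes):
    """Return (part_index, declared_encodings) for every MIME part that
    declares more than one distinct Content-Transfer-Encoding."""
    findings = []
    msg = email.message_from_bytes(raw)
    for index, part in enumerate(msg.walk()):
        declared = part.get_all("Content-Transfer-Encoding", [])
        # Normalise case/whitespace; the same value repeated is not a conflict.
        distinct = []
        for value in declared:
            token = str(value).strip().lower()
            if token not in distinct:
                distinct.append(token)
        if len(distinct) > 1:
            findings.append((index, distinct))
    return findings


def decodings(raw: bytes):
    """Return the body as seen by a reader honouring each declaration."""
    body = raw.split(b"\r\n\r\n", 1)[1]
    return {"8bit": body, "quoted-printable": quopri.decodestring(body)}


if __name__ == "__main__":
    print(conflicting_encodings(SAMPLE))
    for name, data in decodings(SAMPLE).items():
        print(name, data)
```

A gateway that finds a non-empty result can reject or quarantine the message instead of guessing which declaration the mail client will honour.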

