I would much rather prefer to filter vulnerabilities with JunkMail.  This stuff scares me.  I've got to turn it off.

Scott, isn't this somewhat the equivalent of a virus scanner going after Zap The Dingbat???  There's no virus there, just a suspicious pattern which could be used to pack in a virus.  Maybe the better approach would be to not only look for the vulnerability, but also the exploit?

Matt



Markus Gufler wrote:
 
We hold messages failing the vulnerability tests. Our local customer
receives an alert containing a link where he can requeue the held message.
The remote user receives an alert that the message was blocked temporarily
because the message was formatted in a manner like Mail-worms will do.

Unfortunately there is IncrediMail (www.incredimail.com) out there, a real
"incredible" eMail client: In short it's the complete opposite of Pine, Mutt
or Elm. Practically the Disney edition of e-mail software. As I've seen, such
type of software usually is used by "very professional and expert" people.
;-)

The problem: It looks like IncrediMail has introduced many new and very very
important email features like colored backgrounds, emoticons, animations,
... but is not able to create a proper simple email.

Question: Are vulnerabilities like "Blank folding" non-RFC-conformant formats
or is this simply a "suspicious" string?
Meaning: Is it a problem of MS sharing software that has so many bugs, or is
it a problem of IncrediMail not being able to create a proper email?

Markus

  



Subject: Virus Report
From: "Postmaster" <[EMAIL PROTECTED]>
Date: Fri, 6 Feb 2004 19:41:59 +0100
To: <[EMAIL PROTECTED]>

Virus Report

 
 Virus:      [Outlook 'Blank Folding' Vulnerability]
 File:       [No attachment]
 from:       [EMAIL PROTECTED]
 to:         [EMAIL PROTECTED] 
 Subject:    =?iso-8859-1?B?ZvxyIEV2ZWx5bg==?=
 recipients: 1
 Queuename:  Ddff300c3007c46d3.SMD
 Date:       02/06/2004
 Time:       19:41:59
 Remotehost: gmx.net (213.165.64.20)
 Localhost:  local-domain.com
 D.Version:  1.77

 Header:
 Received: from mail.gmx.net [214.165.74.25] by mail.zcom.it
  (SMTPD32-7.15) id AFF3C3007C; Fri, 06 Feb 2004 19:41:55 +0100
Received: (qmail 25379 invoked by uid 65534); 6 Feb 2004 18:41:53 -0000
Received: from pppfree130-39-tn.aknet.it (HELO pc) (214.31.134.39)
  by mail.gmx.net (mp027) with SMTP; 06 Feb 2004 19:41:53 +0100
X-Authenticated: #11712298
MIME-Version: 1.0
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 6 Feb 2004 20:41:47 +0100 (Westeuropäische Normalzeit)
Content-Type: Multipart/Mixed;
  boundary="------------Boundary-00=_NLEODL51VA4000000000"
X-Mailer: IncrediMail (2001184)
From: "Remote User" <[EMAIL PROTECTED]>
X-FID: FLAVOR00-NONE-0000-0000-000000000000
X-Priority: 3
To: "Customer" <[EMAIL PROTECTED]>
Subject: =?iso-8859-1?B?ZvxyIEV2ZWx5bg==?=
       





-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
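
Added example, not part of the thread and not Declude's code: a check for the header pattern visible in the report above, where the Subject field is followed by a line containing only whitespace. It assumes this is what the "Blank Folding" test reacts to, which the thread does not state; RFC 2822 accepts such lines only as obsolete syntax (obs-FWS) that mail software must not generate. The sample message and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the report above: the Subject field is
# followed by a whitespace-only line before the real end of the headers.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: Multipart/Mixed;\r\n"
    b'  boundary="example-boundary"\r\n'
    b"X-Mailer: ExampleMailer\r\n"
    b"Subject: =?iso-8859-1?B?ZvxyIEV2ZWx5bg==?=\r\n"
    b"       \r\n"
    b"\r\n"
    b"body text\r\n"
)


def split_header_lines(raw):
    """Return the header lines, stopping at the first truly empty line.

    RFC 2822 separates headers from body with an empty line; a line that
    holds only spaces or tabs is not empty and still belongs to the headers.
    """
    lines = []
    for line in re.split(rb"\r?\n", raw):
        if line == b"":
            break
        lines.append(line)
    return lines


def find_blank_folds(raw):
    """Return (line_number, field_name) for each whitespace-only header line.

    A continuation line starts with a space or tab. One that contains
    nothing else is legal only under the obsolete folding rule, so a
    filter can hold the message for review instead of delivering it.
    """
    hits = []
    field = b""  # name of the header field currently being continued
    for number, line in enumerate(split_header_lines(raw), start=1):
        if line[:1] in (b" ", b"\t"):
            if line.strip(b" \t") == b"":
                hits.append((number, field))
        else:
            field = line.split(b":", 1)[0]
    return hits


if __name__ == "__main__":
    for number, field in find_blank_folds(SAMPLE):
        print("line %d: whitespace-only fold after %s" % (number, field.decode()))
```

An ordinary folded field such as the Content-Type/boundary pair in the sample is not flagged, because its continuation line carries text after the leading whitespace.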
