I would much rather prefer to filter vulnerabilities with JunkMail. This stuff scares me.
The fact that it scares you is exactly why it should be done with Declude Virus.
Scott, isn't this somewhat the equivalent of a virus scanner going after Zap The Dingbat??? There's no virus there, just a suspicious pattern which could be used to pack in a virus. Maybe the better approach would be to not only look for the vulnerability, but also the exploit?
This is very different.
An E-mail that contains the "Zap The Dingbat" exploit is one tiny part in a series of events that need to occur for a user to get a virus (or give out information to a phishing expedition). If an E-mail containing that exploit also contains a virus, the virus will get caught. That's because the exploit is separate from the virus.
In the case of mailserver AV vulnerabilities, like the outlook "Blank Folding" vulnerability, a mailserver AV program can't realistically tell if there is a virus or not. For a mailserver AV program to not block vulnerabilities is about the equivalent of a backdoor in a mailserver AV program where it will let E-mail go through unscanned if it contains the phrase "Your credit card is about to be cancelled!". All a virus writer would have to do is add that phrase, and their virus would be delivered to someone who thinks that they are protected against viruses.
In this case, though, all of the mailserver vulnerabilities should not occur in normal mail, and will normally only occur in non-RFC-compliant mail.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
