In the case of mailserver AV vulnerabilities, like the Outlook "Blank Folding" vulnerability, a mailserver AV program can't realistically tell if there is a virus or not. For a mailserver AV program to not block vulnerabilities is about the equivalent of a backdoor in a mailserver AV program where it will let E-mail go through unscanned if it contains the phrase "Your credit card is about to be cancelled!". All a virus writer would have to do is add that phrase, and their virus would be delivered to someone who thinks that they are protected against viruses.
I totally get how wide the hole is, though I wonder about how many of these have been patched for some time? Still though, it doesn't seem to catch any viruses, just 99% spam, and maybe 1% legit E-mail. In fact a search of Google for some of the vulnerabilities will turn up people bitching about how Declude blocked them :)
I'm just looking for some middle ground possibly. People ask you about turning off individual vulnerability tests all the time on this list, and your answer is always the same, so I'm not trying to rehash that. I'm thinking that if you instead were able to detect a CR vulnerability and then detected a colon on the next line, then you could disprove the exploit because base64 code can't contain a colon (or a number of other characters). Could something simple like that stop the blocking of un-exploited vulnerabilities and give us greater peace of mind?
Matt
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--- This E-mail came from the Declude.Virus mailing list. The archives can be found at http://www.mail-archive.com.
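The check proposed in the message above, sketched as an added example that is not part of the original post and is not Declude's code. It assumes the "CR vulnerability" test fires on a CR that is not followed by LF; the function names and the sample messages are constructed for illustration.

```python
import re

# Base64 alphabet plus up to two '=' pad characters. A colon, as in a
# "Name: value" header line, falls outside it.
BASE64_LINE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")
BARE_CR = re.compile(rb"\r(?!\n)")      # assumed trigger: CR with no LF after it
LINE_END = re.compile(rb"\r\n|\r|\n")


def lines_after_bare_cr(raw: bytes):
    """Yield (offset, next_line) for every bare CR found in raw."""
    for m in BARE_CR.finditer(raw):
        next_line = LINE_END.split(raw[m.end():], maxsplit=1)[0]
        yield m.start(), next_line.strip()


def classify(raw: bytes):
    """Return a list of (offset, verdict), one entry per bare CR."""
    out = []
    for offset, line in lines_after_bare_cr(raw):
        if not line:
            verdict = "inconclusive"        # nothing on the next line to judge
        elif BASE64_LINE.fullmatch(line):
            verdict = "possible-base64"     # cannot be ruled out, keep blocking
        else:
            verdict = "not-base64"          # colon, space, etc. on the next line
        out.append((offset, verdict))
    return out


# Constructed sample messages (hypothetical hypothetical headers, harmless content).
BENIGN = b"From: a@example.com\r\nX-Mailer: Foo\rSubject: hi\r\n\r\nbody\r\n"
SUSPECT = b"From: a@example.com\r\nX-Test: 1\rQUJDREVGRw==\r\n\r\nbody\r\n"
AMBIGUOUS = b"From: a@example.com\r\nX-Test: 1\rHello\r\n\r\nbody\r\n"
CLEAN = b"From: a@example.com\r\nSubject: hi\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for name, msg in [("benign", BENIGN), ("suspect", SUSPECT),
                      ("ambiguous", AMBIGUOUS), ("clean", CLEAN)]:
        print(name, classify(msg))
```

A line of plain letters or digits after the bare CR still lands in `possible-base64`, so a check like this can only rule base64 out for a message, never confirm an exploit.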
