I totally get how wide the hole is, though I wonder about how many of these have been patched for some time? Still though, it doesn't seem to catch any viruses, just 99% spam, and maybe 1% legit E-mail. In fact a search of Google for some of the Vulnerabilities will turn up people bitching about how Declude blocked them :)
The problem is with future viruses.
For example, if you are running IMail AntiVirus (which I am quite certain does not check for vulnerabilities), and a future virus comes out that uses one of these vulnerabilities, you won't be able to block them until Ipswitch comes out with a new version of IMail AntiVirus to catch them. I'm guessing that would take weeks, between Symantec fixing the problem, Ipswitch incorporating it into IMail AntiVirus, testing and so forth.
Imagine if only a very small percentage of mailservers were blocking Mydoom?
I'm just looking for some middle ground possibly. People ask you about turning off individual vulnerability tests all the time on this list, and your answer is always the same, so I'm not trying to rehash that.
Thank you. :)
I'm thinking that if you instead were able to detect a CR vulnerability and then detected a colon on the next line, then you could disprove the exploit because base64 code can't contain a colon (or a number of other characters). Could something simple like that stop the blocking of un-exploited vulnerabilities and give us greater peace of mine?
If there is a reliable and relatively easy way to do so, we'll do it. The problem, though, is in figuring out what Outlook will and will not accept. We *know* that will see a virus under certain circumstances, but knowing more than that would require a huge amount of time (we're not the ones that originally discovered any of these vulnerabilities).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
