Me three, as I have the same configuration. For what it's worth, I have seen this exploit blocked on our web proxy server many times, but I've only seen it a few times in email; each of those times, the .jpg was not contained in the message, it was dropped from inside a compressed executable, or it was fetched from a webserver.
Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Friday, May 06, 2005 10:43 AM To: [email protected] Subject: Re: [Declude.Virus] Question concerning SKIPEXT and GDI+ Vulnerability detection I'd like to know the answer to this as well... I do use SKIPEXT JPG SKIPEXT JPEG to skip JPEGs since the larger couple MB JPEGs sure choke the virus scanning engines. ----- Original Message ----- From: "Matt" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, May 06, 2005 11:57 AM Subject: [Declude.Virus] Question concerning SKIPEXT and GDI+ Vulnerability detection > To my good buddies at Declude :) (ok, you made me very happy twice > yesterday) > > I understand that SKIPEXT JPG would cause files with JPG extensions to > not > be scanned with the virus scanners, but would that also disable the > JPG/GDI+ Vulnerability detection? > > Many of us stopped skipping JPG's and other associated files when the > GDI+ > exploits were first discovered, but they seem to have become duds as far > as actively spreading viruses (though I have seen them on sites linked to > in spam as a way to install spyware). JPG's however are fairly common in > E-mail and it would be a big improvement to be able to skip scanning them, > and if we were protected with the vulnerability detection, I would feel > comfortable turning off virus scanning of JPG's until a mass-mailing virus > is seen. I wouldn't want to leave myself completely unprotected however. > > Thanks, > > Matt > > -- > ===================================================== > MailPure custom filters for Declude JunkMail Pro. > http://www.mailpure.com/software/ > ===================================================== > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
