RE: [Declude.Virus] Blank folding vulnerablity help

[Marc Catuogno]

So since I am running 1.82 I can either allow all vulnerabilities or not… I have been putting off upgrading till IMAIL and Declude are all at nice stable releases… Any input on what the latest/best working combo  is?   Crap.    Thank you!   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 30, 2006 5:44 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help   ALLOWVULNERABILITIESFROM came in 2.0.  They never documented ALLOWVULNERABILITY in the release notes, but I know it works in 2.0.6.14 and higher.  I think it came along somewhere after 2.0.6.0 Matt Marc Catuogno wrote: Matt thank you – What version of Declude is needed for these “allows”?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 30, 2006 5:09 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Blank folding vulnerablity help   Marc, It was certainly a vulnerability at one point, but it was discovered years ago and should be long patched, plus I have never ever seen an exploit; I have however seen a steady stream of false positives with it. You can turn this off by using the following line in your Virus.cfg so long as you are on at least 2.0.6 (I'm not sure when exactly it was introduced). ALLOWVULNERABILITY    OLBLANKFOLDING I would actually suggest turning off all of the following: ALLOWVULNERABILITY    OLCR ALLOWVULNERABILITY    OLSPACEGAP ALLOWVULNERABILITY    OLMIMESEGMIMEPRE ALLOWVULNERABILITY    OLMIMESEGMIMEPOST ALLOWVULNERABILITY    OLLONGFILENAME ALLOWVULNERABILITY    OLBLANKFOLDING ALLOWVULNERABILITY    OBJECTDATA ALLOWVULNERABILITY    OLBOUNDARYSPACEGAP If you want to leave all of this stuff in and suffer from other false positives that they create, you can instead just exclude a single address using the following line in your Virus.cfg: ALLOWVULNERABILITIESFROM   [EMAIL PROTECTED] Matt Marc Catuogno wrote: Somebody is sending e-mail that must get through (of course) and it is failing the blank folding Vulnerability test.  What can I tell this person they should do to not have this e-mail get caught?  I don’t want to allow vulnerabilities through but….   01/20/2006 07:25:44 Qd6c809e500d45890 Outlook 'Blank Folding' vulnerability in line 18 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [text/html][quoted-printable; Length=18542 Checksum=1227819] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4306 Checksum=452062] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=1034 Checksum=131676] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=856 Checksum=109734] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=7726 Checksum=981323] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=82 Checksum=8156] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=112 Checksum=14660] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=811 Checksum=104494] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/png][base64; Length=635 Checksum=80089] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/jpeg][base64; Length=4089 Checksum=441269] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=101 Checksum=14757] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: [image/gif][base64; Length=310 Checksum=41235] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00418 [base64; Length=1744 Checksum=207233] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00421 [base64; Length=664 Checksum=83706] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00424 [base64; Length=1118 Checksum=136918] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00427 [base64; Length=12674 Checksum=1212421] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00430 [base64; Length=82 Checksum=7785] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00433 [base64; Length=112 Checksum=14219] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00436 [base64; Length=685 Checksum=83744] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00439 [base64; Length=1361 Checksum=169802] 01/20/2006 07:25:44 Qd6c809e500d45890 MIME file: ATT00442 [base64; Length=101 Checksum=14316] 01/20/2006 07:25:45 Qd6c809e500d45890 File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0]