What version are you running, Matt? In version 3.0.5.20 they fixed an ms-tnef issue with winmail.dat.
 
This might be the issue you are seeing.

Darrell
------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
----- Original Message -----
From: Matt
Sent: Tuesday, July 18, 2006 7:48 PM
Subject: [Declude.Virus] Invalid file types triggering on an invalid file type

I found a message blocked for an "Invalid ZIP Vulnerability", but it doesn't have a zip attachment.  The only attachment on this message is a winmail.dat.  While that winmail.dat file clearly contains data of some sort, I am pretty certain that it is triggering vulnerabilities inappropriately, and I am positive that this message was not a virus.

My Declude Virus logs are showing both the Invalid ZIP Vulnerability and a bogus .jpg file.  I would like to turn this detection off.  Is there a switch to turn off this detection?

Detail follows:

HEADERS FROM THE SINGLE ATTACHMENT
=================================================================
------=_NextPart_000_0056_01C6A9CF.4BDDA860
Content-Type: application/ms-tnef;
    name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="winmail.dat"


VIRUS LOG ENTRIES
=================================================================
07/17/2006 06:32:40.488 q674000a20000e465.smd Vulnerability flags = 862
07/17/2006 06:32:40.566 q674000a20000e465.smd MIME file: winmail.dat [base64; Length=2312012 Checksum=33270092]
07/17/2006 06:32:40.800 q674000a20000e465.smd Virus scanner 1 reports exit code of 0
07/17/2006 06:32:41.253 q674000a20000e465.smd Virus scanner 2 reports exit code of 0
07/17/2006 06:32:41.253 q674000a20000e465.smd Found a bogus .jpg file
07/17/2006 06:32:41.253 q674000a20000e465.smd Invalid ZIP Vulnerability
07/17/2006 06:32:41.253 q674000a20000e465.smd Found a bogus .Zip file
07/17/2006 06:32:41.253 q674000a20000e465.smd File(s) are INFECTED [[Invalid ZIP Vulnerability]: 0]
07/17/2006 06:32:41.253 q674000a20000e465.smd Scanned: CONTAINS A VIRUS [MIME: 7 2314810]
07/17/2006 06:32:41.269 q674000a20000e465.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from ##.##.48.210]
07/17/2006 06:32:41.269 q674000a20000e465.smd Subject: FW: M341092022 / M341092023


Thanks,

Matt

---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
