Hi,

Now all Declude needs to do, at least it would be nice if they did...., is find 
a way to make these subjects
Date:       01 Aug 2007 09:57:25
Subject:    =?ISO-2022-JP?B?GyRCQ084NSROJSolUCU1JXMkckp6JC0kPyQkJEckOSQrISklbCVZGyhC?=
Spool File: D3cde019e00009042.smd
Remote IP:  58.236.15.183
readable in those notification messages. I understand what is going on but 
still it's unreadable for most people.

Anyone at Declude want to comment on this? Is this something that can be fixed 
easily or will it take some heavy programming because of all the different 
possible charsets?


Kind regards,
Bonno Bloksma
Head of Systems Administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  ----- Original Message ----- 
  From: Darin Cox 
  To: declude.virus@declude.com 
  Sent: Wednesday, August 01, 2007 12:33 AM
  Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability]


  We use this vulnerability.eml

  ----------------------------------------
  -- Begin vulnerability.eml
  ----------------------------------------
  SKIPIFVIRUSNAMEDOESNOTHAVE          Vulnerability
  ONLYSENDIFREMOTESENDER
  From: [EMAIL PROTECTED]
  To: %ALLRECIPS%
  Subject: Suspected malicious email blocked

  Delivery blocked: %LOCALRECIPS%

  The mail server for %LOCALHOST% scans each e-mail for Viruses,
  junk mail, (spam) and e-mail vulnerabilities. (Vulnerabilities
  are those which can allow a virus or other malicious content to
  hide from virus scanners and junk mail filters.)

  We caught an e-mail addressed to you that is formatted with
  %VIRUSNAME%, and have quarantined it for your protection.

  If you recognize the below information as a valid email that
  you want or should have received, please click on the link below
  to have the message released for delivery.  Otherwise, the e-mail
  will be deleted automatically after seven days.

  http://www.example.com/requeue.asp?msgid=%QUEUENAME%

  Please note that the email could contain dangerous content.  Use at
  your own risk.

  Original message information follows
  ====================================

  FROM: %MAILFROM%
  TO: %ALLRECIPS%
  SUBJECT: %SUBJECT%

  DATE: %DATE% @ %TIME%

  %HEADERS%

  ----------------------------------------
  -- End vulnerability.eml
  ----------------------------------------

  You'll want to replace the link in the email with one appropriate for you.

  and the following requeue.asp script.

  ----------------------------------------
  -- Begin REQUEUE.ASP
  ----------------------------------------
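  <%@ LANGUAGE="JScript" %>
  <%

  // -------------------------------------------------------
  // requires IUSR permissions to the following directories
  // -------------------------------------------------------

   var virusdir="c:\\imail\\spool\\virus\\";
   var spooldir="c:\\imail\\spool\\";
   var file=""+Request.QueryString("msgid");
   // drop the leading "D" of the queue name; "D" and "Q" are re-added below
   file=file.substr(1);

   // Only accept a bare spool file name. The pattern is assumed from the
   // D3cde019e00009042.smd example in this thread; anything containing
   // path separators or ".." is treated as not found.
   var valid=/^[0-9A-Za-z]+\.smd$/.test(file);

   var fso = new ActiveXObject ("Scripting.FileSystemObject");

   if (valid && fso.FileExists(virusdir+"D"+file))
   {
    // move the data (D) and queue (Q) files back into the spool
    fso.MoveFile(virusdir+"D"+file, spooldir+"D"+file);
    fso.MoveFile(virusdir+"Q"+file, spooldir+"Q"+file);

    Response.Write("Please check your e-mail in a few minutes for the message you requested.");
   }
    else
   {
    Response.Write("Message does not exist, or has already been released for normal delivery.");
   }
  %>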
  ----------------------------------------
  -- End REQUEUE.ASP
  ----------------------------------------

  You'll need to change the path to the path for your IMail spool directory. 
  This inserts the message back into the queue for the next queue run.  Others 
  have gone a step further to call SMTP32.exe with the queue file name to 
  deliver it immediately.

  Hope this helps,

  Darin.


  ----- Original Message ----- 
  From: "Jared Pickerell" <[EMAIL PROTECTED]>
  To: <declude.virus@declude.com>
  Sent: Tuesday, July 31, 2007 6:02 PM
  Subject: RE: [Declude.Virus] [Invalid ZIP Vulnerability]


  How would you go about setting up the ability to "include a link to a
  script to re-queue the message for delivery"? I'd be interested in that.

  Jared


  -----Original Message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
  Darin Cox
  Sent: Tuesday, July 31, 2007 4:23 PM
  To: declude.virus@declude.com
  Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability]

  We got slammed with them today as well.  It caught a bunch that made it past
  spam filtering (we run AVAFTERJM ON).  So I'd second that recommendation to
  NOT turn it off.  If you're concerned about delivery, set up an email
  notification to let the intended recipient know the message was held, and
  include a link to a script to requeue the message for delivery.

  Darin.


  ----- Original Message ----- 
  From: "Shayne Embry" <[EMAIL PROTECTED]>
  To: <declude.virus@declude.com>
  Sent: Tuesday, July 31, 2007 5:09 PM
  Subject: re: [Declude.Virus] [Invalid ZIP Vulnerability]



  Not too sure you'd want to turn that off. We've been getting hit by a wave
  of messages the last two days, all with the same vulnerability. I've been
  too busy to spend any time looking at the payload...but if they're not
  viruses they are definitely spam. I'm catching about 40 per hour, widely
  distributed among about 550 accounts across 100 domains.

  Shayne Embry



  -------- Original Message --------
  > From: Heimir Eidskrem <[EMAIL PROTECTED]>
  > Sent: Tuesday, July 31, 2007 2:53 PM
  > To: declude.virus@declude.com
  > Subject: [Declude.Virus] [Invalid ZIP Vulnerability]
  >
  > How do I turn this off.
  > I am having emails held as virus but they are not.
  > They do contain pdfs and doc files.
  >
  > Could not find it in the manual.
  >
  >
  >





  ---
  This E-mail came from the Declude.Virus mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type "unsubscribe Declude.Virus".    The archives can be found
  at http://www.mail-archive.com.
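
The requeue script in this thread takes the spool file name from the msgid query parameter, so that value has to be constrained before it reaches MoveFile. The following JavaScript is an added example, not part of the posted requeue.asp: it accepts only a bare queue name and moves the D and Q files only when both exist. The name pattern, the `store` interface and the sample file names are assumptions modelled on the spool file name shown in the thread.

```javascript
// Added example, not the posted requeue.asp.
// Directories are the ones used in the posted script.
const VIRUS_DIR = "c:\\imail\\spool\\virus\\";
const SPOOL_DIR = "c:\\imail\\spool\\";
// Assumed queue-name format, modelled on D3cde019e00009042.smd from the
// thread: "D", an alphanumeric id (length bound is an assumption), ".smd".
const QUEUE_NAME = /^D([0-9A-Za-z]{1,32}\.smd)$/;

// Map a msgid to the D/Q file moves, or null when it is not a bare queue
// name (separators, "..", drive letters and other extensions never match).
function planRequeue(msgid) {
  const m = typeof msgid === "string" ? QUEUE_NAME.exec(msgid) : null;
  if (!m) return null;
  return ["D", "Q"].map((prefix) => ({
    from: VIRUS_DIR + prefix + m[1],
    to: SPOOL_DIR + prefix + m[1],
  }));
}

// Release a held message. `store` is a hypothetical exists/move interface
// standing in for Scripting.FileSystemObject.
function requeue(msgid, store) {
  const moves = planRequeue(msgid);
  if (!moves) return "rejected";
  // Require both files before moving either, so a missing Q file cannot
  // leave a lone D file in the spool.
  if (!moves.every((mv) => store.exists(mv.from))) return "not-found";
  moves.forEach((mv) => store.move(mv.from, mv.to));
  return "released";
}

// Constructed in-memory store so the example runs without a mail server.
function memoryStore(files) {
  const held = new Set(files);
  return {
    exists: (p) => held.has(p),
    move: (from, to) => { held.delete(from); held.add(to); },
    list: () => [...held].sort(),
  };
}

// Constructed sample: one quarantined message (D and Q file).
const demo = memoryStore([VIRUS_DIR + "D3cde019e00009042.smd",
                          VIRUS_DIR + "Q3cde019e00009042.smd"]);
console.log(requeue("D..\\other.smd", demo));
console.log(requeue("D3cde019e00009042.smd", demo));
console.log(requeue("D3cde019e00009042.smd", demo));
```
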



