Ditto with me. Everything tests great!! Good work Scott and Declude.
Jim
----- Original Message -----
From: "Don Schreiner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 19, 2002 1:26 AM
Subject: RE: [IMail Forum] Outlook vulnerability allows viruses to bypass
SMTP AV scanners
> Just upgraded virus.cfg, tested, and works good! Thanks for quickly
> getting this to us.
>
> -Don
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
> Sent: Monday, February 18, 2002 11:13 PM
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum] Outlook vulnerability allows viruses to bypass
> SMTP AV scanners
>
> FYI, we just found out this evening that a new vulnerability has been
> found
> in Outlook that can cause viruses to be sent within the headers of an
> E-mail, which will bypass most/all SMTP-based virus scanners.
>
> We have just released a new version of Declude Virus that will
> automatically detect this vulnerability. For people using other virus
> scanners, you may want to use our Test Mail Sender at
> http://www.declude.com/tools/mailsend.html and send yourself the
> "eicarcr-
> To test Outlook CR vulnerability" file. The E-mail should be caught by
> your SMTP-based virus scanner, and should not be delivered to your
> E-mail
> client. If not, you should update your SMTP-based virus scanner as soon
> as
> an update is available.
>
> The vulnerability entails sending two carriage returns in a row ("CRCR")
> in
> the middle of an E-mail header. This has no meaning in SMTP (and
> therefore
> should be treated as part of the header), but Outlook treats this as if
> it
> were a "CRLFCRLF", which would end the headers. So once this part of
> the
> headers is reached, a standard E-mail program or SMTP-based virus
> scanner
> will treat the next line as a header, but Outlook will treat it as the
> body
> of the E-mail. If an attachment is placed here, Outlook will see it and
>
> treat it as an attachment. However, the standard E-mail client or
> SMTP-based virus scanner will realize that these should be standard
> headers, and won't see the attachment.
>
> It has been reported that there are viruses in the works that may take
> advantage of this vulnerability. In order to be effective, they would
> need
> to be small (less than about 7K encoded), which will make it difficult
> for
> "script kiddies" to write such a virus, but it can certainly be
> done. Since Outlook tends to be the main source for spreading viruses,
> this is something that should be taken seriously.
>
> More details can be found at
> http://www.openoffice.nl/special_interest/outlookbug.html .
>
> -Scott
> ---
> Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
> IMail. http://www.declude.com
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> ----------
> [This e-mail scanned by CompBiz for Viruses. http://www.CompBiz.Net]
>
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
