Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability
Wouldn't you want to send the support request to the developers of incredimail? They are the ones who are generating the invalid header. Declude is only warning you about it. Dean On Dec 3, 2007 7:47 AM, Mon Mariola - Rubén [EMAIL PROTECTED] wrote: The program incredimail generates subjects, in certain cases, ended with 0D 0A 09 0D 0A. These messages are captured by Declude virus like Outlook 'Blank Folding' Vulnerability. I want to send a letter requesting to technical support solve this problem, but I really do not see the point 3.2.3 in RFC 822 indicating that this is not allowed. Thank you. Ruben Marti. Mon Mariola, S.L. From Declude manual: Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when there is a line in the headers with just a single space or a single tab character. Outlook can treat this as the end of the headers, allowing it to see a virus that is embedded in the headers. RFC822 3.2.3 says that it is not valid to have such lines, nor is there any legitimate reason for an E-mail to contain a blank line in the headers with a single space or tab (note that it is OK to have a line with a single space or tab in the E-mail body, just not the headers). --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- __ Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability
Maybe I explained poorly. I want to send the request to Incredimail technical support. My doubt is that the Declude manual says that according to section 3.2.3 of RFC822, it is not valid to have such lines, and I not located in RFC822 that section. http://www.faqs.org/rfcs/rfc822.html After reading the RFC 822, I see that the process unfolding allows these lines, but I do not see where specifies that are invalid. I need this information for the technical support Incredimail correct this problem. Thank you. Ruben Marti. Mon Mariola, S.L. - Original Message - From: Dean Lawrence To: declude.junkmail@declude.com Sent: Monday, December 03, 2007 2:53 PM Subject: Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability Wouldn't you want to send the support request to the developers of incredimail? They are the ones who are generating the invalid header. Declude is only warning you about it. Dean On Dec 3, 2007 7:47 AM, Mon Mariola - Rubén [EMAIL PROTECTED] wrote: The program incredimail generates subjects, in certain cases, ended with 0D 0A 09 0D 0A. These messages are captured by Declude virus like Outlook 'Blank Folding' Vulnerability. I want to send a letter requesting to technical support solve this problem, but I really do not see the point 3.2.3 in RFC 822 indicating that this is not allowed. Thank you. Ruben Marti. Mon Mariola, S.L. From Declude manual: Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when there is a line in the headers with just a single space or a single tab character. Outlook can treat this as the end of the headers, allowing it to see a virus that is embedded in the headers. RFC822 3.2.3 says that it is not valid to have such lines, nor is there any legitimate reason for an E-mail to contain a blank line in the headers with a single space or tab (note that it is OK to have a line with a single space or tab in the E-mail body, just not the headers). --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability
The 'Blank Folding' vulnerability may be allowed by the RFC, but that doesn't make them the right thing to do. The problem is that virus scanners don't scan for attachments that could be embedded into the headers in one of these lines but Outlook would still execute them.Just because no virus has used this technique yet is not a good reason to continue to leave the door open. - Original Message - From: Mon Mariola - Rubén [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, December 03, 2007 9:40 AM Subject: Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability Maybe I explained poorly. I want to send the request to Incredimail technical support. My doubt is that the Declude manual says that according to section 3.2.3 of RFC822, it is not valid to have such lines, and I not located in RFC822 that section. http://www.faqs.org/rfcs/rfc822.html After reading the RFC 822, I see that the process unfolding allows these lines, but I do not see where specifies that are invalid. I need this information for the technical support Incredimail correct this problem. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability
I agree with all your comments, but if so, I ask the team declude correct the Declude manual to reflect the truth. Now I read in the Declude manual that RFC does not allow such lines. It will be difficult to convince the Incredimail technical support to solve this problem if I can not find a section in RFC specifying that is not allowed. Thank you. Ruben Marti. Mon Mariola, S.L. - Original Message - From: Mike N. To: declude.junkmail@declude.com Sent: Monday, December 03, 2007 4:00 PM Subject: Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability The 'Blank Folding' vulnerability may be allowed by the RFC, but that doesn't make them the right thing to do. The problem is that virus scanners don't scan for attachments that could be embedded into the headers in one of these lines but Outlook would still execute them.Just because no virus has used this technique yet is not a good reason to continue to leave the door open. - Original Message - From: Mon Mariola - Rubén [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, December 03, 2007 9:40 AM Subject: Re: [Declude.JunkMail] Outlook 'Blank Folding' Vulnerability Maybe I explained poorly. I want to send the request to Incredimail technical support. My doubt is that the Declude manual says that according to section 3.2.3 of RFC822, it is not valid to have such lines, and I not located in RFC822 that section. http://www.faqs.org/rfcs/rfc822.html After reading the RFC 822, I see that the process unfolding allows these lines, but I do not see where specifies that are invalid. I need this information for the technical support Incredimail correct this problem. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outlook Blank Folding Vulnerability
We have had a user get a plain-text message he sent out using Thunderbird 1.0.2 that got caught by this check in Declude Junkmail. Just wondering what precisely the error is and why Thunderbird-generated messages would be getting nailed with it. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outlook Blank Folding Vulnerability
A similar Outlook CR vulnerability was just discussed; check the archives at: http://www.mail-archive.com/declude.virus%40declude.com/msg12356.html The same things would apply. The manual does list the gory details of what each vulnerability looks for, if you're interested. Andrew 8) P.s. Hello, V.I.! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of A. Clausen Sent: Wednesday, August 17, 2005 10:03 AM To: Declude JunkMail Subject: [Declude.JunkMail] Outlook Blank Folding Vulnerability We have had a user get a plain-text message he sent out using Thunderbird 1.0.2 that got caught by this check in Declude Junkmail. Just wondering what precisely the error is and why Thunderbird-generated messages would be getting nailed with it. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outlook Blank Folding Vulnerability
-- Original Message -- From: Colbeck, Andrew [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Wed, 17 Aug 2005 11:01:48 -0700 A similar Outlook CR vulnerability was just discussed; check the archives at: http://www.mail-archive.com/declude.virus%40declude.com/msg12356.html The same things would apply. The manual does list the gory details of what each vulnerability looks for, if you're interested. So, what is the best solution? Disable checking for this particular vulnerability? -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outlook Blank Folding Vulnerability
Instant recap: Option 1) Let the virus scanner handle it, i.e. BANCRVIRUSESOFF Option 2) Upgrade to the current declude.exe and turn off the vulnerabilities as you find that they cause false positives, i.e. ALLOWVULNERABILITYOLBLANKFOLDING I chose Option 1) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Clausen Sent: Wednesday, August 17, 2005 3:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Outlook Blank Folding Vulnerability -- Original Message -- From: Colbeck, Andrew [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Wed, 17 Aug 2005 11:01:48 -0700 A similar Outlook CR vulnerability was just discussed; check the archives at: http://www.mail-archive.com/declude.virus%40declude.com/msg12356.html The same things would apply. The manual does list the gory details of what each vulnerability looks for, if you're interested. So, what is the best solution? Disable checking for this particular vulnerability? -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Outlook Blank Folding Vulnerability
Just to clarify one thing. While there are certainly issues with tagging legitimate E-mail with the Outlook CR Vulnerability, it doesn't have problems specifically with any popular E-mail clients including Thunderbird. The CR issues that were being tagged were likely the result of some sort of gateway that was modifying the headers on the way out of the sender's E-mail system where the headers were modified to contain a CR character instead of a CR LF which is standard. The sender's system should be fixed. I certainly wouldn't frown upon turning off the detection for this. Matt Aaron Clausen wrote: -- Original Message -- From: "Colbeck, Andrew" [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Wed, 17 Aug 2005 11:01:48 -0700 A similar Outlook CR vulnerability was just discussed; check the archives at: http://www.mail-archive.com/declude.virus%40declude.com/msg12356.html The same things would apply. The manual does list the gory details of what each vulnerability looks for, if you're interested. So, what is the best solution? Disable checking for this particular vulnerability?
