Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread Darin Cox
Scott, Would it be possible for these vulnerabilities to have a notification email associated with them, like banned files? Correct me if I'm wrong, but I don't believe there are any notification possibilities with these currently. If this were added, then our users could be automatically

RE: [Declude.Virus] PRot 3.15b just released - yeah!!

2004-09-24 Thread John Tolmachoff (Lists)
Goran, I take it you are volunteering as the guinea pig? ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, September 24, 2004 10:09 AM To: [EMAIL

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread R. Scott Perry
Would it be possible for these vulnerabilities to have a notification email associated with them, like banned files? Correct me if I'm wrong, but I don't believe there are any notification possibilities with these currently. Actually, they are treated the same as viruses, as far as notifications

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread John Tolmachoff (Lists)
Yes there is and has been an option for vulnerability notification. It is called adding lines like SKIPIFVIRUSNAMEHAS vulnerability and SKIPIFVIRUSNAMEDOESNOTHAVE vulnerability. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED]

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread Darin Cox
Well then, I sit corrected... It would be nice to have more granular control over this, though...to perhaps only send for particular hosts, IPs, or email addresses in response to the existing criteria for virus name and vulnerability. Any thoughts on the exemption/weighting system idea for

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread R. Scott Perry
It would be nice to have more granular control over this, though...to perhaps only send for particular hosts, IPs, or email addresses in response to the existing criteria for virus name and vulnerability. There are many such options -- for example, ONLYSENDIFRECIP, ONLYSENDIFSENDER,

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread Darin Cox
Suppose I should have taken the time to read the manual...grin John, does this help with your issue? Darin. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 24, 2004 2:00 PM Subject: Re: [Declude.Virus] Paypal and Outlook 'Blank

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread R. Scott Perry
Without blocking all .JPG files, nothing. The problem is that there is a lack of information on how to detect such .JPG's. You can find details about the exploit at http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx Thanks for the URL -- although good 'ole Microsoft does specify

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread John Tolmachoff (Lists)
Issue is not the notifications. That is how I found out about the problem. The issue is getting Paypal to fix it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday,

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Dave Marchette
Odd. My experience with the BANEXT command is that it caused the entire email to be deleted, not just the banned extension. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Friday, September 24, 2004 11:07 AM To: [EMAIL PROTECTED]

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread Darin Cox
I understand that. I was trying to help you come up with a workaround in the meantime. Perhaps this would have been a good day to roll over and go back to sleep... Darin. - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday,

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread John Tolmachoff (Lists)
Correct, you cannot strip the attachment; the configured action is taken on the whole message. So, if you have Declude Virus configured to automatically delete (not recommended) then the whole message is deleted. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread R. Scott Perry
Odd. My experience with the BANEXT command is that it caused the entire email to be deleted, not just the banned extension. That is correct. BANEXT will block the entire E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread John Tolmachoff (Lists)
Sleep, what is that? I spent most of last night working, the rest trying to sleep with a bloody nose, and then the phone rang at 6:30 AM. And no, it was not my wife. I am genetically prone to bloody noses in dry weather. This week, the average humidity in Southern California has been around 15%.

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread Sharyn Schmidt
And no, it was not my wife. I am genetically prone to bloody noses in dry weather. This week, the average humidity in Southern California has been around 15%. Gee, come to Florida where we are about to be hit with our FOURTH hurricane in about 6 weeks, lots of rain and humidity here! Sharyn

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Greg Little
The most positive step for now is to patch, patch, patch. (At least get the big holes) Windows, IE, Office, lots of other current MS products. Lots of 3rd party products (some of the manufacturers will be out of business) Who knows about old MS products. I have not seen a good tool yet for

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread R. Scott Perry
Do you have the code written enough to know, if SKIPEXT will bypass the new JPG/JPEG checking? I assume that this would cause it not to be checked by Virus scanners, so I'm headed to remove at least JPG. The Microsoft GDIPlus.DLL JPEG Vulnerability detection will occur whether or not SKIPEXT

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Matt
Scott, If possible, please have the JPG vulnerability detection work independently of the SKIPEXT setting (not sure if it does already). I'm not looking forward to having to scan every JPG for this vulnerability. Another thing that might not be known or not discussed to a great extent is what

[Declude.Virus] Another GDI detection tool

2004-09-24 Thread Greg Little
in addition to the one from MS updates. http://isc.sans.org/gdiscan.php The notes say to ignore files in directories like Windows\$NtUniinstallKBx\ and Windows\WinSxS. These are old versions left behind for uninstall purposes. I included the results from my PC. It looks

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Greg Little
We've got too many threads tracking this. (And way too many nightmare ideas.) As simple as, a Word or WordPad Document with an infected JPG (or link) that infects PCs with all their Windows updates (but not their Office updates). I'm with you. I've got that gut feeling this one is going to get

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread John Tolmachoff (Lists)
No thanks. I like to feel dry after using a towel when getting out of the shower. As a truck driver, I once made a team run to Marietta Georgia. Once was quite enough thank you. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED]

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread David Maynard
While the PayPal messages apparently aren't properly formatted via the RFC's, they clearly aren't vulnerabilities. I have always considered this one of Declude's most questionable features. For marketing purposes, this is touted as something that Declude stops while other programs don't. It

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread John Tolmachoff (Lists)
This looks like a clear explanation to me: 18.3 Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when there is a line in the headers with just a single space or a single tab character. Outlook can treat this as the end of the headers, allowing it to see a virus that is embedded

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Mark Smith
Greg, Here's a tool to scan everything on the machine: http://isc.sans.org/gdiscan.php Mark --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED],

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread Matt
John, This is only a vulnerability because of a flaw that once existed in one E-mail client. To the best of my knowledge, it has not been used to spread a virus in at least the last year, however this test has resulted in small numbers of legitimate E-mail being blocked on most systems. It

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread R. Scott Perry
While the PayPal messages apparently aren't properly formatted via the RFC's, they clearly aren't vulnerabilities. That's kind of like saying "That package that says 'bomb inside' doesn't really have a bomb in it, and so even though it says it does, it isn't dangerous." That's very true. But

RE: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread John Tolmachoff (Lists)
I would have turned the vulnerability detection off by now except for the fact that more recently there has been good progress on malformed file detection that has been useful in blocking viruses (or at least stopping the banned extension bounce messages on our system). I would prefer

Re: [Declude.Virus] Paypal and Outlook 'Blank Folding' Vulnerability

2004-09-24 Thread Matt
John Tolmachoff (Lists) wrote: However, the post I was responding to was questioning whether or not there was an actual vulnerability, not what to do with it. What you define it as is subjective. There is no exploit present in the messages that are being blocked, and the true