RE: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

2007-01-25 Thread Chris Asaro
In the virus.cfg:

ALLOWVULNERABILITY  OLBOUNDARYSPACEGAP

Declude quarantines these vulnerabilities as viruses due to the fact they
contain programmatic flaws for a virus to hide and avoid traditional
antivirus detection.

 
Chris
 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir
Eidskrem
Sent: Thursday, January 25, 2007 11:20 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

I see several emails with this listed as the virus detected.
Is this really a problem and a virus?
I did download the file and uploaded to one of the virus test sites and 
it did come back as no virus found.

How do I turn this off?




---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.






RE: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

2007-01-25 Thread David Barker
Eric,

A vulnerability is not a virus, and cannot be detected by virus software.

When a virus uses a vulnerability, it will bypass a standard mailserver
virus scanner, and get delivered to the recipient. This is the benefit of
using Declude rather than the traditional virus scanner to protect your
mail server. Declude detects vulnerabilities.

The Outlook 'Space Gap' vulnerability occurs when there is a space in one of
the MIME headers where there is not normally a space (such as
"Content-Type :" instead of "Content-Type:"). This is not RFC-compliant, but
Outlook will treat it as valid and be able to execute a virus that virus
scanners will not usually see. There is no legitimate reason for an E-mail to
be formed like this.

To turn off this vulnerability check in the virus.cfg:

ALLOWVULNERABILITY  OLSPACEGAP

But be aware that you will be potentially allowing a virus to get past your
AV scanner if it exploits this vulnerability.

David Barker
Director of Product Management
Your Email security is our business
978.499.2933 office
978.988.1311 fax
[EMAIL PROTECTED]
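
The kind of check described in the message above, as an added example that is not Declude's code and was not posted in the thread: a Python scanner that walks the raw message and reports any header line, top-level or inside a MIME part, with whitespace between the field name and the colon. The function name, both regular expressions and the sample message are constructed for illustration.

```python
import re

# A field name followed by spaces/tabs before the colon, e.g. b"Content-Type :".
GAP_RE = re.compile(rb"^([!-9;-~]+)[ \t]+:")
BOUNDARY_RE = re.compile(rb'boundary\s*=\s*"?([^";\r\n]+)"?', re.I)

def find_space_gaps(raw: bytes):
    """Return [(line_number, field_name)] for header lines with a gap before ':'.

    Scans the top-level header block and the header block of every MIME part,
    never the bodies, so body text that merely looks like a header is ignored.
    """
    findings, delimiters = [], set()
    in_headers = True                        # a message starts with its headers
    for number, line in enumerate(raw.replace(b"\r\n", b"\n").split(b"\n"), 1):
        if not in_headers:
            # A "--boundary" delimiter line opens the next part's header block.
            in_headers = line.rstrip() in delimiters
            continue
        if line == b"":
            in_headers = False               # blank line ends the header block
            continue
        boundary = BOUNDARY_RE.search(line)  # also sees folded continuation lines
        if boundary:
            delimiters.add(b"--" + boundary.group(1))
        gap = GAP_RE.match(line)             # continuation lines start with WSP
        if gap:
            findings.append((number, gap.group(1).decode("ascii")))
    return findings

# Constructed sample: one gapped MIME header inside a part, plus look-alikes
# in the Subject value and in body text that must not be reported.
SAMPLE = (
    b"Subject: Re : invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed;\r\n"
    b' boundary="b1"\r\n'
    b"\r\n"
    b"preamble with Content-Type : text in it\r\n"
    b"--b1\r\n"
    b"Content-Type : application/octet-stream\r\n"
    b"Content-Disposition: attachment; filename=a.bin\r\n"
    b"\r\n"
    b"Content-Type : not a header, this is body\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(find_space_gaps(SAMPLE))
```

Only the part header on line 8 is reported; the "Re :" inside the Subject value and the two body lines are not, because the scanner tracks which lines belong to a header block.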


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir
Eidskrem
Sent: Thursday, January 25, 2007 11:20 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

I see several emails with this listed as the virus detected.
Is this really a problem and a virus?
I did download the file and uploaded to one of the virus test sites and it
did come back as no virus found.

How do I turn this off?







RE: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

2007-01-25 Thread David Barker
I apologize, I copied the wrong directive (Chris was correct). Here is the
full list:


#ALLOWVULNERABILITY OBJECTDATA
#ALLOWVULNERABILITY OLCR
#ALLOWVULNERABILITY OLSPACEGAP
#ALLOWVULNERABILITY OLBLANKFOLDING
#ALLOWVULNERABILITY OLMIMEHEADER
#ALLOWVULNERABILITY OLMIMESEGMIMEPRE
#ALLOWVULNERABILITY MIMESEGMIMEPOST
#ALLOWVULNERABILITY OLLONGBOUNDARY
#ALLOWVULNERABILITY OLBOUNDARYSPACEGAP
#ALLOWVULNERABILITY OLLONGFILENAME
#ALLOWVULNERABILITY NONSTANDARDHDR 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir
Eidskrem
Sent: Thursday, January 25, 2007 11:20 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

I see several emails with this listed as the virus detected.
Is this really a problem and a virus?
I did download the file and uploaded to one of the virus test sites and it
did come back as no virus found.

How do I turn this off?







Re: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

2007-01-25 Thread Heimir Eidskrem


Thanks for the prompt answer.


Chris Asaro wrote:

In the virus.cfg:

ALLOWVULNERABILITY  OLBOUNDARYSPACEGAP

Declude quarantines these vulnerabilities as viruses due to the fact they
contain programmatic flaws for a virus to hide and avoid traditional
antivirus detection.

 
Chris
 
-Original Message-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir
Eidskrem
Sent: Thursday, January 25, 2007 11:20 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

I see several emails with this listed as the virus detected.
Is this really a problem and a virus?
I did download the file and uploaded to one of the virus test sites and 
it did come back as no virus found.


How do I turn this off?







RE: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

2007-01-25 Thread Brando Choy
 
How do I get the latest update for the *.cfg configurations?

I have checked under /declude/resource and no real changes when I do a file 
compare to my *.cfg

Brando



From: David Barker [EMAIL PROTECTED]
Sent: Thursday, January 25, 2007 10:02 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability 

I apologize, I copied the wrong directive (Chris was correct). Here is the
full list:

#ALLOWVULNERABILITY OBJECTDATA
#ALLOWVULNERABILITY OLCR
#ALLOWVULNERABILITY OLSPACEGAP
#ALLOWVULNERABILITY OLBLANKFOLDING
#ALLOWVULNERABILITY OLMIMEHEADER
#ALLOWVULNERABILITY OLMIMESEGMIMEPRE
#ALLOWVULNERABILITY MIMESEGMIMEPOST
#ALLOWVULNERABILITY OLLONGBOUNDARY
#ALLOWVULNERABILITY OLBOUNDARYSPACEGAP
#ALLOWVULNERABILITY OLLONGFILENAME
#ALLOWVULNERABILITY NONSTANDARDHDR 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir
Eidskrem
Sent: Thursday, January 25, 2007 11:20 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Outlook 'Boundary Space Gap' Vulnerability

I see several emails with this listed as the virus detected.
Is this really a problem and a virus?
I did download the file and uploaded to one of the virus test sites and it
did come back as no virus found.

How do I turn this off?
