Re: [Declude.Virus] Partial Vulnerability test failures on legitmate email
Thanks for the response! Randy A. - Original Message - From: Andy Schmidt To: declude.virus@declude.com Sent: Thursday, October 11, 2007 5:14 PM Subject: RE: [Declude.Virus] Partial Vulnerability test failures on legitmate email Hi, Actually, the Partial/Fragmented Vulnerability is one that ideally should be left in place. I'm not certain that this test can be circumvented individually - at least it's not on this list: http://www.declude.com/Version/Manuals/EVA/EVA_4.0.8.asp. Before HTML messages and picture attachments - and consequently support for messages that are many megabytes in size, there was a frequently used option (specially for NNTP newsgroups, if I recall correctly), where an email software would split a message into smaller fragments and then send each fragment was one email. The receiving software would look for the fragments and re-assemble them into a single message. Since it prevents virus detection at the server level, fragmented messages should no longer be accepted (and, with today's technology and size allowances, there really is no use for it). I have seen some devices (such as a Ricoh Sanner/Fax/Printer combination) still have the setting to create fragments after xx KB. And even Outlook Express can still generate fragments (see screenshot). However, I've never had trouble explaining to clients (and senders), why this option should remain off: Best Regards, Andy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy Armbrecht Sent: Thursday, October 11, 2007 3:45 PM To: declude.virus@declude.com Subject: [Declude.Virus] Partial Vulnerability test failures on legitmate email Does anyone know which Outlook Vulnerability test to REM out in the virus.cfg to keep the [Partial Vulnerability] test from failing? We are on 4.3.59 and this test is catching a number of legitmate emails recently and I need to turn this test off until the vulerability test fix is done so I can try it again. Has MS made updates to Outlook to affect this? this has just started on us about 5 days ago Randy A. Global Web Solutions Inc --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. image001.png
RE: [Declude.Virus] Partial Vulnerability test failures on legitmate email
Hi, Actually, the Partial/Fragmented Vulnerability is one that ideally should be left in place. I'm not certain that this test can be circumvented individually - at least it's not on this list: http://www.declude.com/Version/Manuals/EVA/EVA_4.0.8.asp. Before HTML messages and picture attachments - and consequently support for messages that are many megabytes in size, there was a frequently used option (specially for NNTP newsgroups, if I recall correctly), where an email software would split a message into smaller fragments and then send each fragment was one email. The receiving software would look for the fragments and re-assemble them into a single message. Since it prevents virus detection at the server level, fragmented messages should no longer be accepted (and, with today's technology and size allowances, there really is no use for it). I have seen some devices (such as a Ricoh Sanner/Fax/Printer combination) still have the setting to create fragments after xx KB. And even Outlook Express can still generate fragments (see screenshot). However, I've never had trouble explaining to clients (and senders), why this option should remain off: Best Regards, Andy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy Armbrecht Sent: Thursday, October 11, 2007 3:45 PM To: declude.virus@declude.com Subject: [Declude.Virus] Partial Vulnerability test failures on legitmate email Does anyone know which Outlook Vulnerability test to REM out in the virus.cfg to keep the [Partial Vulnerability] test from failing? We are on 4.3.59 and this test is catching a number of legitmate emails recently and I need to turn this test off until the vulerability test fix is done so I can try it again. Has MS made updates to Outlook to affect this? this has just started on us about 5 days ago Randy A. Global Web Solutions Inc --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.image001.png
Re: [Declude.Virus] Partial Vulnerability test failures on legitmate email
To the best of my knowledge, this has never been exploited by a mass mailing virus, but some people do in fact go into their mail client and check the box to enable this despite it being old-hat. I would recommend leaving it off until the exploits actually occur. It is also possible that virus scanners can detect a virus in a partial message and of course there is spam blocking so it wouldn't mean a complete lack of detection on the server side. Matt Andy Schmidt wrote: Hi, Actually, the Partial/Fragmented Vulnerability is one that ideally should be left in place. Im not certain that this test can be circumvented individually at least its not on this list: http://www.declude.com/Version/Manuals/EVA/EVA_4.0.8.asp. Before HTML messages and picture attachments and consequently support for messages that are many megabytes in size, there was a frequently used option (specially for NNTP newsgroups, if I recall correctly), where an email software would split a message into smaller fragments and then send each fragment was one email. The receiving software would look for the fragments and re-assemble them into a single message. Since it prevents virus detection at the server level, fragmented messages should no longer be accepted (and, with todays technology and size allowances, there really is no use for it). I have seen some devices (such as a Ricoh Sanner/Fax/Printer combination) still have the setting to create fragments after xx KB. And even Outlook Express can still generate fragments (see screenshot). However, Ive never had trouble explaining to clients (and senders), why this option should remain off: Best Regards, Andy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Randy Armbrecht Sent: Thursday, October 11, 2007 3:45 PM To: declude.virus@declude.com Subject: [Declude.Virus] Partial Vulnerability test failures on legitmate email Does anyone know which Outlook Vulnerability test to REM out in the virus.cfg to keep the [Partial Vulnerability] test from failing? We are on 4.3.59 and this test is catching a number of legitmate emails recently and I need to turn this test off until the vulerability test fix is done so I can try it again. Has MS made updates to Outlook to affect this? this has just started on us about 5 days ago Randy A. Global Web Solutions Inc --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
