RE: [Declude.Virus] Invalid Zip Vulnerability

2008-03-06 Thread Andy Schmidt
John T Sent: Thursday, March 06, 2008 10:54 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Invalid Zip Vulnerability No name, just the extenesion? John T eServices For You -Original Message- From: "Andy Schmidt" <[EMAIL PROTECTED]> Sent 3/3/2008 9:30:

Re: [Declude.Virus] Invalid Zip Vulnerability

2008-03-06 Thread John T
No name, just the extenesion?John T eServices For You -Original Message- From: "Andy Schmidt" <[EMAIL PROTECTED]> Sent 3/3/2008 9:30:59 AM To: [EMAIL PROTECTED] Cc: declude.virus@declude.com Subject: [Declude.Virus] Invalid Zip VulnerabilityHi, I checked your KB – and it doesn’t document t

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-08-01 Thread Bonno Bloksma
Sent: Wednesday, August 01, 2007 12:33 AM Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] We use this vulnerability.eml -- Begin vulnerability.eml SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerab

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Darin Cox
he users get notifications for things they don't need to. Thanks! Jared -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, July 31, 2007 5:34 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] We

RE: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Jared Pickerell
this specific to which scanner(s) I am using? Thanks Jared -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, July 31, 2007 6:40 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] Yep. You ca

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Darin Cox
don't need to. Thanks! Jared -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, July 31, 2007 5:34 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] We use this vulnerability.eml

RE: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Jared Pickerell
Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, July 31, 2007 5:34 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] We use this vulnerability.eml -

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Darin Cox
he next queue run. Others have gone a step further to call SMTP32.exe with the queue file name to delivery it immediately. Hope this helps, Darin. ----- Original Message - From: "Jared Pickerell" <[EMAIL PROTECTED]> To: Sent: Tuesday, July 31, 2007 6:02 PM Subject: RE: [Declud

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Darin Cox
The point is you may let some not-yet-detected viruses through, but in any case you can do that with a switch in the virus.cfg. Darin. - Original Message - From: Heimir Eidskrem To: declude.virus@declude.com Sent: Tuesday, July 31, 2007 6:23 PM Subject: Re: [Declude.Virus] [Invalid

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Heimir Eidskrem
Darin Cox Sent: Tuesday, July 31, 2007 4:23 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] We got slammed with them today as well. It caught a bunch that made it past spam filtering (we run AVAFTERJM ON). So I'd second that recommendation to

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Heimir Eidskrem
They are neither virus or spam but legit email. Shayne Embry wrote: Not too sure you'd want to turn that off. We've been getting hit by a wave of messages the last two days, all with the same vulnerability. I've been too busy to spend any time looking at the payload...but if they're not viruses

RE: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Jared Pickerell
2007 4:23 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] [Invalid ZIP Vulnerability] We got slammed with them today as well. It caught a bunch that made it past spam filtering (we run AVAFTERJM ON). So I'd second that recommendation to NOT turn it off. If you're concerned

Re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Darin Cox
e was held, and include a link to a script to requeue the message for delivery. Darin. - Original Message - From: "Shayne Embry" <[EMAIL PROTECTED]> To: Sent: Tuesday, July 31, 2007 5:09 PM Subject: re: [Declude.Virus] [Invalid ZIP Vulnerability] Not too sure you'

re: [Declude.Virus] [Invalid ZIP Vulnerability]

2007-07-31 Thread Shayne Embry
Not too sure you'd want to turn that off. We've been getting hit by a wave of messages the last two days, all with the same vulnerability. I've been too busy to spend any time looking at the payload...but if they're not viruses they are definitely spam. I'm catching about 40 per hour, widely d

Re: [Declude.Virus] Invalid ZIP Vulnerability

2005-05-27 Thread David Franco-Rocha [ Declude ]
This vulnerability is triggered if the file format diverges from the official ZIP format specification. David Franco-Rocha Declude Technical Support - Original Message - From: "Paul Navarre" <[EMAIL PROTECTED]> To: Sent: Friday, May 27, 2005 1:54 AM Subject: [Declude.Virus] Invalid Z

Re: [Declude.Virus] Invalid ZIP Vulnerability

2005-05-27 Thread Scott Fisher
I've seen it here rarely also. Not positive here but here is a theory: The zip file may gave been created on a Mac and contain some Mac specific size 0 files? - Original Message - From: "Paul Navarre" <[EMAIL PROTECTED]> To: Sent: Friday, May 27, 2005 12:54 AM Subject: [Declude.Vir