 |
 |
What additional checks does your advanced antivirus scanning do?
More than viruses are scanned with our advanced antivirus. This article explains the additional checks.
Pen Publishing E-mail Security System includes additional security checks performed by our antivirus scanner:
Vulnerability Name and Description
CLSID Vulnerability: This vulnerability occurs when an E-mail uses a 'CLSID' as an extension. A CLSID is a long string that identifies a certain program (such as Notepad), and using the CLSID instead of a standard file extension will cause Windows to use the program identified by the CLSID to open the file. Windows will not display the CLSID extension, so a file with an innocent name such as "cutedog.jpg" could cause another program to run.
Conflicting Encoding Vulnerability: This vulnerability occurs when the headers of an E-mail claim that two or more different encoding types are used. A MIME segment can only be encoded in one way, so if there are more than one encoding types listed, it is possible that the virus scanner and the mail client will use different decoding methods on the E-mail. If this happens, a virus could bypass virus scanning.
Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when there is a line in the headers with just a single space or a single tab character. Outlook can treat this as the end of the headers, allowing it to see a virus that is embedded in the headers. RFC2822 3.2.3 says that it is not valid to have such lines, nor is there any legitimate reason for an E-mail to contain a blank line in the headers with a single space or tab (note that it is OK to have a line with a single space or tab in the E-mail body, just not the headers).
Outlook 'Boundary Space Gap' Vulnerability: This vulnerability occurs when there is a space or tab in the MIME boundary. This is not RFC-compliant, but Outlook will treat it as valid and be able to see a virus that virus scanners will not usually see. There is no legitimate reason for an E-mail to be formed like this.
Outlook 'CR' Vulnerability: This vulnerability occurs when an E-mail contains a single 'CR' character within the E-mail headers (as opposed to a 'CR' followed by an 'LF', which is used to end a line in SMTP). Outlook can treat this as the end of the headers, which would allow Outlook to see a virus that was embedded in the headers. RFC2822 2.2 says that CR and LF characters cannot appear alone in the headers. Also, there is no legitimate reason for an E-mail to contain a lone 'CR' in the headers.
Outlook 'Long Boundary' Vulnerability: This vulnerability occurs when an E-mail has a MIME boundary that is longer than allowed by the RFCs. Outlook may see a virus when a virus scanner will not. There is no legitimate reason for an E-mail to be sent like this.
Outlook 'Long Filename' Vulnerability: This vulnerability occurs when an E-mail has an attachment with a name longer than 256 characters long. When this occurs, it is possible for Outlook not to see the correct file extension, causing Outlook to think that a dangerous E-mail is actually safe.
Outlook 'MIME header' Vulnerability: This vulnerability occurs when certain safe MIME types are used, but a potentially dangerous file type is attached. Outlook may execute the attachment automatically, without looking at its file extension. There is no legitimate reason for an E-mail to be sent like this, and a number of viruses use this vulnerability.
Outlook 'MIME segment in MIME postamble' Vulnerability: This vulnerability occurs when it appears as though a MIME segment is occurring after the end of the MIME body (specifically, a MIME segment with a boundary other than the one specified appears in the MIME postamble). Outlook may see this as an attachment. Although technically valid, there is no legitimate reason for an E-mail to be sent like this.
Outlook 'MIME segment in MIME preamble' Vulnerability: This vulnerability occurs when it appears as though a MIME segment is occurring before it should (specifically, a MIME segment with a boundary other than the one specified appears in the MIME preamble). Outlook may see this as an attachment. Although technically valid, there is no legitimate reason for an E-mail to be sent like this.
Partial (Fragmented) Vulnerability: This vulnerability occurs when one E-mail is split into separate parts, each in a separate E-mail. Although this is legal, it will bypass virus scanners, and therefore will likely soon be deprecated.
|
 |
|
 |