Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Outlook 'CR' Vulnerability

M

MacMaelstrom

macrumors member
Original poster
Jul 22, 2003
88
0
Down the hall and to the right.
Just wondering :confused: if anyone else has experianced emails form MacRumors.com being blocked by your ISP's virus scanning due to Outlook 'CR' Vulnerability. It appears that MacRumor's email client uses CR in the messages, where it should use CRLF. I don't see the problem in this, but apparantly my ISP thinks their doing me quite a favor by blocking this. They've also kindly notified me that they cannot and will not turn the virus scanning off on my account. Some crap about then I could hold them liable for damage to my machine. My machines are all Linux and Mac. Therefore, I really don't care. And even if it did take out either computer, I've got backups and Master Disks. :rolleyes: EV1....
 
Link to explanation of flaw/feature.
Link to a Test

Working backwards:
2.) A CR is just fine. To state that somebody must use a linefeed after a carriage return is stupid. There are patches out there, and this is just another example of IT going way to far. That said- Send an email to Arn and see what he can do about it. It's a simple request. Here is a Link that explains why people should send a line feed after a carriage return.

The org I work for filters out HTML links and pictures, not because of bandwidth, but because somebody could potently do something that could crash the system. Three cheers for the nerf world!

1.) This is your ISPs/hosts damage. Luckily, they don't block this site. I understand their fear of lawsuit, but they also know that nobody could possibly win against them.

Additionally, from what I understand, this kind of flaw (a hidden executable) only works with attachments and an HTML formatted email and are not self extracting, executing or spawning. I could be wrong about this, but that's how the articles read to me.

If you don't want to use M$ Outlook then try Eudora
 
Originally posted by Schiffi
Sue your ISP for hindering you from accessing vital information.
Click to expand...

So, yeah, you have no concept of Terms of Service and Service Agreement contracts? They can do whatever they want, as long as they didn't promise him something else. doesn't matter how crappy it is. A lawsuit would be thrown out the moment it went before a judge.

pnw
 
Originally posted by Eniregnat
If you don't want to use M$ Outlook then try Eudora [/B]
Click to expand...

Oh yes, and that's the beauty of it all... I don't use Outlook. Nor Eudora. I use a simple linux client called Evolution. That said, if I sue them and they go out of business, ( :p ) I've just lost about the only ISP in my area. I'll email arn though and ask him about it.
thanks all!
 
Well, it appears that I'll be getting a free Email account at some place that has POP service. I've found just about every email sent to me from Claris Emailer and Netscape (under 4.0 Versions) is getting blocked. This makes up a good 1/8 of people I know.
 
Outlook 'CR' Vulnerabilty emails now "We blocked a virus..."

Well, I too have been getting Outlook 'CR' Vulnerability emails. Except the latest email I've gotten from the board is now "WARNING: We blocked a virus that was sent to you".

Oh brother.

Damn college email filtering! I'll have to get on their butts about this one. When I get back to campus in the Winter.

Sigh.
 
'CR' Vulnerabilty: Response

'CR' Vulnerability:

A response from my postmaster/admin:

Here is a reply from the owner of our email scanning software to someone on
their lists...

You can tell them that their mail client is sending out E-mail containing a
dangerous vulnerability (one that viruses can use to bypass mailserver virus
scanners). Specifically, it is sending a lone CR character in the headers of
the E-mail (as opposed to the "CRLF" that is used to indicate the end of
lines). There is no benefit to having the lone CR character, and it ends up
creating a dangerous vulnerability. It may also be worth noting that all
major mailserver AV programs will detect this very soon.
Click to expand...
Click to expand...
 
My emails are coming in a virus warnings now.

I am a man of action - so what should I do now?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back