iframe dilemma: a compromise?

Julian Field mailscanner at ecs.soton.ac.uk
Wed Nov 6 12:38:50 GMT 2002 

At 09:52 06/11/2002, you wrote:
>On Mon, 4 Nov 2002, Julian Field wrote:
>
> > At 18:06 04/11/2002, you wrote:
> > >[...]
> > >It seems the choice is currently a stark one: either permit iframe (and
> > >risk its possible dangers) or forbid iframe (and risk the dangers of
> > >unhappy users with big sticks).
> > >
> > >Might there be the possibility of a compromise?  An option something like
> > >"convert iframe to text"?  (Or was this discussed and deemed unworkable?)
> >
> > In version 4, you can allow IFrame tags from any given "trusted" address,
> > which solves the problem.
>
>Further, one of the purposes of MailScanner is to help to protect the
>site, not just the individual PC.  If a trusted address turns out itself
>to be troublesome, then doesn't that open the floodgates?  (Analogy:
>suppose one had the facility "trust Bugbear from this address"?)

Agreed.

>What I am suggesting is something complementary, to augment your "trusted
>iframe address" facility, which could still be in place.  Namely, an
>option (for non-trusted addresses) to convert the iframe to text.  Thus
>the basic message will still get through, and still be vaguely human
>readable.
>
>But one of the very reasons for MailScanner in the first place is that the
>users often don't keep themselves up-to-date with patches, and thus they
>(and other non-up-to-date users) remain vulnerable.  (Suppose one user
>gets caught with such an iframe problem:  what might then be the effect on
>other users whose own virus-scanning is, say, a few weeks behind?)

Yes, I understand your point of view much better now. I can see there are
certain situations, or certain addresses, where you still want the readable
content to get through even if the message contains untrusted IFrames or
"Object Codebase" tags.

So, say you have
         Allow IFrame Tags = yes
but you also have a new option
         Convert Dangerous HTML to Text = yes
then the message contents would be allowed through (by the 1st option) but
it would be stripped down to plain text (by the 2nd option). The definition
of "Dangerous" in this context is HTML containing either IFrame tags or
Object Codebase tags.
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list