Still catching "Possible Microsoft security vulnerability attack"
G. Armour Van Horn
vanhorn at whidbey.com
Sat Oct 19 21:22:10 IST 2002
I have users who subscribe to the daily Dilbert comic, and that mail
apparently includes an iFrame. Having only recently learned about iFrames,
I'm surprised they aren't much more widely used, but that's neither here
nor there. Are you suggesting that Allowing iFrame Tags means that the
entire message will go unscanned for other threats?
I need a way to pass these messages, either a whitelist for unitedmedia.com
or the option to ignore iFrames, but I still need to scan them for viruses.
By the way, I am using 4.00.0a13-1, and I don't have a mailscanner.conf
file except in the old 3.25 source tree. I'm including a copy of one of the
bounce messages below.
Van
Mike Zanker wrote:
> On 07 October 2002 10:49 -0600 John Hanks <john.hanks at USU.EDU> wrote:
>
> > Ok, looks like I have overcome my source of confusion. This works (at
> > least nothing has been caught in the last 10 minutes or so)
> >
> > Allow IFrame Tags = yes
> > Allow Codebase Tags = yes
>
> Please be warned that if you have these set to "yes" then some
> bugbear-infected e-mails will NOT be scanned. I had this happen this
> afternoon when a bugbear-infected e-mail with IFrame tags got through.
> Having set IFrame to "no" it correctly scanned and quarantined it.
>
> Mike.
The following is one of the bounces I get, edited only to mask the user's
address:
> Date: Sat, 19 Oct 2002 00:04:40 -0700
> From: "MailScanner"
> To: postmaster at verbose.twistedhistory.com
> Subject: Warning: E-mail viruses detected
> X-MailScanner: Found to be clean
>
>
> The following e-mail messages were found to have viruses in them:
>
>
> Sender: dailycomic#2.27654.bf-k0fslmcqw9pz.1.b at comicsmail.unitedmedia.com
> IP Address: 65.114.4.12
> Recipient: asdf at asdfasdfasdf.com
> Subject: Your Daily Dilbert 10/19/2002
> MessageID: g9J74aHQ006554
> Report: Found dangerous IFrame tag in HTML message
>
>
>
> --
> MailScanner
> Email Virus Scanner
> www.mailscanner.info
>
--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free!
mailto:twisted at whidbey.com?subject=Subscribe_QOTD
For web hosting and maintenance,
visit Van's home page: http://www.domainvanhorn.com/van/
----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20021019/d11bf908/attachment.html
More information about the MailScanner
mailing list