Found dangerous Object Codebase tag...

Furnish, Trever G TGFurnish at HERFF-JONES.COM
Tue Aug 12 18:08:36 IST 2003 

An HTML tag that causes a browser to load programming code when the page is
viewed.  Some mail filtering systems "defang" such tags by changing them to
something safe, which usually leaves the rest of the message completely
readable, but I don't think (and will hopefully be corrected if I'm wrong)
that MS yet can be made to do that.

Actually, are there any plans (or does anyone have a suggestion for the best
way to) allow using such "defanging" functionality in MS?  In a past life I
used a procmail script
(http://www.impsec.org/email-tools/procmail-security.html) that would
prepend DEFANGED to the start of tags considered dangerous.  It was nice
functionality, even if only for all the anger it engendered in the web dev
department. :-)

-t.


> -----Original Message-----
> From: Kevin Miller [mailto:Kevin_Miller at CI.JUNEAU.AK.US]
> Sent: Tuesday, August 12, 2003 11:41 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Found dangerous Object Codebase tag...
>
>
> Can someone please tell me what an object codebase tag is and
> why they're
> dangerous?  I get reports like the following pretty
> regularly; most are
> probably spam, but I think this one is legitimate.
> Dreadfully boring IMHO,
> but legitimate. <g>
>
> I can whitelist this one, but would be chuffed to know what's
> actually going
> on here.
>
> --------------------------------------------------------------
> ----------
> The following e-mail messages were found to have viruses in them:
>
>     Sender:
> calandrastockwatch-html-return-18-bosco_beancounter=ci.juneau.
> ak.us at mail2.ma
> rketwatchmail.com
> IP Address: 63.240.173.124
>  Recipient: bosco_beancounter at ci.juneau.ak.us
>    Subject: Thom Calandra's StockWatch: Miners rush to
> finance ventures as
> bullion gains steam
>  MessageID: h7BGiwJ7001861
>     Report: Found dangerous Object Codebase tag in HTML message
> --------------------------------------------------------------
> ----------
>
> TIA...
>
> ...Kevin
> -------------------
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Administrator, Mail
> Administrator
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500
>

More information about the MailScanner mailing list