Found dangerous Object Codebase tag...

Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Tue Aug 12 18:17:02 IST 2003


Can you give an example?  Would java or JavaScript count?  Is this typically
tracking mechanisms, with some malevolency thrown in by the odd miscreant?

Also, if I change MS to strip out the code, do html messages come in
butt-ugly or are they still pretty much intact and functional?

As always, much appreciated...

...Kevin
-------------------
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500


>-----Original Message-----
>From: Furnish, Trever G [mailto:TGFurnish at HERFF-JONES.COM]
>Sent: Tuesday, August 12, 2003 9:09 AM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Found dangerous Object Codebase tag...
>
>
>An HTML tag that causes a browser to load programming code
>when the page is
>viewed.  Some mail filtering systems "defang" such tags by
>changing them to
>something safe, which usually leaves the rest of the message completely
>readable, but I don't think (and will hopefully be corrected
>if I'm wrong)
>that MS yet can be made to do that.
>
>Actually, are there any plans (or does anyone have a
>suggestion for the best
>way to) allow using such "defanging" functionality in MS?  In
>a past life I
>used a procmail script
>(http://www.impsec.org/email-tools/procmail-security.html) that would
>prepend DEFANGED to the start of tags considered dangerous.
>It was nice
>functionality, even if only for all the anger it engendered in
>the web dev
>department. :-)
>
>-t.
>
>
>> -----Original Message-----
>> From: Kevin Miller [mailto:Kevin_Miller at CI.JUNEAU.AK.US]
>> Sent: Tuesday, August 12, 2003 11:41 AM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Found dangerous Object Codebase tag...
>>
>>
>> Can someone please tell me what an object codebase tag is and
>> why they're
>> dangerous?  I get reports like the following pretty
>> regularly; most are
>> probably spam, but I think this one is legitimate.
>> Dreadfully boring IMHO,
>> but legitimate. <g>
>>
>> I can whitelist this one, but would be chuffed to know what's
>> actually going
>> on here.
>>
>> --------------------------------------------------------------
>> ----------
>> The following e-mail messages were found to have viruses in them:
>>
>>     Sender:
>> calandrastockwatch-html-return-18-bosco_beancounter=ci.juneau.
>> ak.us at mail2.ma
>> rketwatchmail.com
>> IP Address: 63.240.173.124
>>  Recipient: bosco_beancounter at ci.juneau.ak.us
>>    Subject: Thom Calandra's StockWatch: Miners rush to
>> finance ventures as
>> bullion gains steam
>>  MessageID: h7BGiwJ7001861
>>     Report: Found dangerous Object Codebase tag in HTML message
>> --------------------------------------------------------------
>> ----------
>>
>> TIA...
>>
>> ...Kevin
>> -------------------
>> Kevin Miller                Registered Linux User No: 307357
>> CBJ MIS Dept.               Network Systems Administrator, Mail
>> Administrator
>> 155 South Seward Street     ph: (907) 586-0242
>> Juneau, Alaska 99801        fax: (907 586-4500
>>
>



More information about the MailScanner mailing list