Internet Explorer URL Display problem

Julian Field mailscanner at
Wed Dec 10 21:22:49 GMT 2003

At 20:52 10/12/2003, you wrote:
> > At 20:05 10/12/2003, you wrote:
> > Should
> >
> > uri IE_VULN /%01.*@/
> > score IE_VULN 10.0
> > describe IE_VULN Internet Explorer vulnerability
> >
> > work?
>Wouldn't this only mark the message as spam? Maybe I'm alone on this, but
>I think that this presents a far more serious threat than just spam. If
>someone opens the spam anyways and sees a message from their bank,
>requesting verification of online banking information, they might be
>tempted to follow the links AND complain to me that this important message
>from their bank was marked as spam.
>My thought is that this should fall under the same general area of the
>flowchart as the I-Frame exploits, if possible.

I don't want to do what SA already does very well, nor do I want to write
code that is part of the arms race, I've probably done too much of that
already. So I would prefer SA to do this. Maybe it is time to "plug" MCP
rather more, and do more testing of it.

 From the people who have tried it, does it work? I am particularly
interested in hearing if you have had problems making MCP and the normal SA
code work together. There's a bug in SA that I haven't found yet that
causes problems here. I *believe* I have worked around it, but I'm not
sure. There's a performance hit in running them both because of this bug.

For docs on MCP, see
Julian Field
Professional Support Services at
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list