IFRAME

[Julian Field]

At 13:59 23/02/2003, you wrote:
>----- Original Message -----
>From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: 23 February 2003 12:41
>Subject: Re: IFRAME
>
>
> > Try setting
> >
> > Allow Object Codebase Tags = yes
> >
> > as well, as both it and the iframe check are Microsoft security
> > vulnerability checks.
> >
>Thanks, Julian.  I see you say in the comments:
>
># This is a very bad idea as it allow various Microsoft vulnerabilities
># to go unprotected.
>
>Do you still believe this is "a very bad idea"?  What it leads to is a
>lot of virus warning messages clogging up my mailq and a fair number of
>clearly false alarms.

Very few people use Object Codebase tags in mail. Using Version 4, you
could set them up to be rules so that mail containing IFrames (or Object
Codebase tags or both) could be permitted from a few "trusted" addresses
(such as the Daily Dilbert cartoon) and banned from everywhere else. The
other alternative is version 4 is to take messages containing either of
these tags and strip the HTML out of them, which leaves you the message
content but in a known safe form. People can still click on the links to
look at the pictures and so on which are held on a web server, while still
providing protection against attacks.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support