Julian Field mailscanner at ecs.soton.ac.uk
Sun Feb 23 14:21:08 GMT 2003

At 13:59 23/02/2003, you wrote:
>----- Original Message -----
>From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>Sent: 23 February 2003 12:41
>Subject: Re: IFRAME
> > Try setting
> >
> > Allow Object Codebase Tags = yes
> >
> > as well, as both it and the iframe check are Microsoft security
> > vulnerability checks.
> >
>Thanks, Julian.  I see you say in the comments:
># This is a very bad idea as it allow various Microsoft vulnerabilities
># to go unprotected.
>Do you still believe this is "a very bad idea"?  What it leads to is a
>lot of virus warning messages clogging up my mailq and a fair number of
>clearly false alarms.

Very few people use Object Codebase tags in mail. Using Version 4, you
could set them up to be rules so that mail containing IFrames (or Object
Codebase tags or both) could be permitted from a few "trusted" addresses
(such as the Daily Dilbert cartoon) and banned from everywhere else. The
other alternative is version 4 is to take messages containing either of
these tags and strip the HTML out of them, which leaves you the message
content but in a known safe form. People can still click on the links to
look at the pictures and so on which are held on a web server, while still
providing protection against attacks.
Julian Field
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list