HTML forms in e-mail

Julian Field mailscanner at ecs.soton.ac.uk
Sun Jun 22 17:55:47 IST 2003


It would be better (and probably more easily) done as an extension to
SweepContent.pm.
If you copy the call to FindExternalBody around line 122, you can add a
call to a new function called something like "FindForms".

Or else what would be easier is to add another parameter to
FindMicrosoftExploits() to say whether forms are allowed or not.
All you then need to do is edit SearchHTMLBody() around line 279. Adding
another test to that is pretty simple.

Let me know how you get on.

At 17:14 22/06/2003, you wrote:
>I have a couple of cases where people received spoofed e-mail messages
>containing forms for them to fill out credit card information.  These
>messages appeared to be legitimate (e.g. from Earthlink or PayPal)
>asking the receiver to confirm the credit card info (including their ATM
>PIN number).  Careful examination showed that the target IP addresses
>for the form action was not Earthlink or PayPal.  These were fraudulent
>attempts at getting someone's credit card information.
>
>I'd like to disallow this sort of thing in e-mail.  I could possibly
>code a spamassassin rule to trap <form action ..> directives and mark it
>as spam or something like that.  What I'd really like to do is alter the
>message such that it is rendered harmless by disabling the submit button
>or removing the <form action> directive.  What would be the best
>approach to do this?  Maybe a custom function?  These are e-mail
>security threats and MailScanner seems the appropriate place to deal
>with them.  I expect we'll start seeing more and more of this type of
>scam.  Any ideas?  Thanks.
>
>--
>Richard Lynch <rich at mail.wvnet.edu>

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list