HTML forms in e-mail -- new 4.22-2
mailscanner at ecs.soton.ac.uk
Sun Jun 22 18:54:04 IST 2003
Sounds a really good idea, and it has virtually no load impact at all (it's
just 1 regexp lookup).
I have just posted version 4.22-2 which includes an "Allow Form Tags"
At 17:55 22/06/2003, you wrote:
>It would be better (and probably more easily) done as an extension to
>If you copy the call to FindExternalBody around line 122, you can add a
>call to a new function called something like "FindForms".
>Or else what would be easier is to add another parameter to
>FindMicrosoftExploits() to say whether forms are allowed or not.
>All you then need to do is edit SearchHTMLBody() around line 279. Adding
>another test to that is pretty simple.
>Let me know how you get on.
>At 17:14 22/06/2003, you wrote:
>>I have a couple of cases where people received spoofed e-mail messages
>>containing forms for them to fill out credit card information. These
>>messages appeared to be legitimate (e.g. from Earthlink or PayPal)
>>asking the receiver to confirm the credit card info (including their ATM
>>PIN number). Careful examination showed that the target IP addresses
>>for the form action was not Earthlink or PayPal. These were fraudulent
>>attempts at getting someone's credit card information.
>>I'd like to disallow this sort of thing in e-mail. I could possibly
>>code a spamassassin rule to trap <form action ..> directives and mark it
>>as spam or something like that. What I'd really like to do is alter the
>>message such that it is rendered harmless by disabling the submit button
>>or removing the <form action> directive. What would be the best
>>approach to do this? Maybe a custom function? These are e-mail
>>security threats and MailScanner seems the appropriate place to deal
>>with them. I expect we'll start seeing more and more of this type of
>>scam. Any ideas? Thanks.
>>Richard Lynch <rich at mail.wvnet.edu>
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
More information about the MailScanner