HTML forms in e-mail -- new 4.22-2

Julian Field mailscanner at ecs.soton.ac.uk
Sun Jun 22 18:54:04 IST 2003


Sounds a really good idea, and it has virtually no load impact at all (it's
just 1 regexp lookup).

I have just posted version 4.22-2 which includes an "Allow Form Tags"
configuration option.

Enjoy!

At 17:55 22/06/2003, you wrote:
>It would be better (and probably more easily) done as an extension to
>SweepContent.pm.
>If you copy the call to FindExternalBody around line 122, you can add a
>call to a new function called something like "FindForms".
>
>Or else what would be easier is to add another parameter to
>FindMicrosoftExploits() to say whether forms are allowed or not.
>All you then need to do is edit SearchHTMLBody() around line 279. Adding
>another test to that is pretty simple.
>
>Let me know how you get on.
>
>At 17:14 22/06/2003, you wrote:
>>I have a couple of cases where people received spoofed e-mail messages
>>containing forms for them to fill out credit card information.  These
>>messages appeared to be legitimate (e.g. from Earthlink or PayPal)
>>asking the receiver to confirm the credit card info (including their ATM
>>PIN number).  Careful examination showed that the target IP addresses
>>for the form action were not Earthlink or PayPal.  These were fraudulent
>>attempts at getting someone's credit card information.
>>
>>I'd like to disallow this sort of thing in e-mail.  I could possibly
>>code a spamassassin rule to trap <form action ..> directives and mark it
>>as spam or something like that.  What I'd really like to do is alter the
>>message such that it is rendered harmless by disabling the submit button
>>or removing the <form action> directive.  What would be the best
>>approach to do this?  Maybe a custom function?  These are e-mail
>>security threats and MailScanner seems the appropriate place to deal
>>with them.  I expect we'll start seeing more and more of this type of
>>scam.  Any ideas?  Thanks.
>>
>>--
>>Richard Lynch <rich at mail.wvnet.edu>
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
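
The check discussed in this thread, as an added example that is not part of the original messages and is not MailScanner's own code: it decodes each HTML part before matching `<form>` tags, compares the form target with the domain the From: header claims, and drops the `action` attribute unless forms are allowed. The function name `scan_forms`, its `allow_form_tags` parameter, the sender-domain heuristic and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample message. The HTML part is quoted-printable, so a regexp
# run over the raw text never sees a literal action="http://..." attribute.
SAMPLE = '''\
From: "Example Billing" <billing@example.com>
To: user@example.org
Subject: Confirm your account
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html><body><p>Please confirm your card details.</p>
<FORM method=3D"post" action=3D"http://192.0.2.55/confirm.cgi">
Card: <input name=3D"cc"> PIN: <input name=3D"pin">
<input type=3D"submit" value=3D"Confirm"></FORM></body></html>
'''

FORM_TAG = re.compile(r"<\s*form\b[^>]*>", re.I)
ACTION = re.compile(r"""\baction\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", re.I)

def scan_forms(raw, allow_form_tags=False):
    """Return (findings, html_parts); parts are disarmed unless forms are allowed."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].domain.lower()
    findings, parts = [], []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()  # transfer-decoded, charset-decoded text
        for tag in FORM_TAG.findall(html):
            m = ACTION.search(tag)
            target = m.group(1).strip("\"'") if m else ""
            host = (urlparse(target).hostname or "").lower()
            # Heuristic: flag a target outside the domain the From: header claims
            foreign = bool(host) and host != sender and not host.endswith("." + sender)
            findings.append({"action": target, "host": host, "foreign": foreign})
        if not allow_form_tags:
            # Disarm by dropping the action attribute from each opening <form> tag
            html = FORM_TAG.sub(lambda t: ACTION.sub("", t.group(0)), html)
        parts.append(html)
    return findings, parts

if __name__ == "__main__":
    found, cleaned = scan_forms(SAMPLE)
    print(found)
    print(cleaned[0])
```

Matching against the decoded part rather than the raw message is what keeps a base64 or quoted-printable body from slipping past the single regexp.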


