Content Checks: Detected HTML-specific exploits in h8AGGVSe016972

Kevin Spicer kevins at BMRB.CO.UK
Thu Sep 11 14:58:53 IST 2003


On Thu, 2003-09-11 at 14:39, David Hooton wrote:

>What _exactly_ is this rule looking for?  And if this is a commonly
>exploited thing, why are so many large mailing lists actually using
>that code in their mailouts?

There are three types of html tags that are picked up...
object codebase and iframe tags, often used by viruses to try and get
Outlook to run an attachment without the user's intervention.
form tags - there have recently been a spate of scams which work by
persuading gullible users to enter personal details (such as credit
cards, passwords) into forms in email messages.

My approach is to strip html from all incoming messages of these types,
and block outgoing messages.  The principle being that often the
essential information is still communicated by a stripped message (for
the few that are actually anything important) and that blocking outgoing
mail that breaks the rules is better than having our mails stripped or
blocked by the recipient's mail server, as it allows the internal sender
to reformat in a way they control.

My only issue with this is that I'd rather there was a smart html
stripper [no jokes about smart strippers please!] which only removed the
offending tags.
I'd also like some way to remove web bugs from email, without having to
strip all html.

I really don't see the point of sending web-pages by email, isn't that
the point of having the web?  Of course, if I had my way, I'd block all
attachments.




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
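A selective stripper of the kind the message above wishes for, added here as an example (it is not part of the original message and is not MailScanner's own code): it drops only object, iframe and form elements and remote 1-pixel images (web bugs), leaves the rest of the markup intact, and reports what it removed. The class and function names and the sample body are constructed for the example.

```python
from html.parser import HTMLParser

# Elements dropped whole, content included; the message singles out
# <object codebase=...>, and any <object> is dropped here.
DROP_ELEMENTS = {"object", "iframe", "form"}

def _is_web_bug(attrs):
    """A remote image sized 0 or 1 pixel is the classic tracking pixel."""
    a = {k: (v or "").strip().lower() for k, v in attrs}
    remote = a.get("src", "").startswith(("http://", "https://"))
    return remote and a.get("width") in {"0", "1"} and a.get("height") in {"0", "1"}

class MailHtmlStripper(HTMLParser):
    """Re-emits tags and text as written, except for the offending elements."""
    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.out, self.findings = [], []
        self._skip = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_ELEMENTS:
            self.findings.append(f"{tag}: element removed")
            self._skip += 1
        elif tag == "img" and _is_web_bug(attrs):
            self.findings.append("img: web bug removed")
        elif not self._skip:
            self.out.append(self.get_starttag_text())  # original tag text

    def handle_endtag(self, tag):
        if tag in DROP_ELEMENTS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)
    handle_entityref = lambda self, name: self.handle_data(f"&{name};")
    handle_charref = lambda self, name: self.handle_data(f"&#{name};")

def strip_mail_html(html_text):
    """Return (cleaned HTML, list of findings) for one message body."""
    p = MailHtmlStripper()
    p.feed(html_text); p.close()
    return "".join(p.out), p.findings

# Constructed sample body (not taken from any real message).
SAMPLE = ('<p>Hello &amp; welcome</p><object codebase="http://example.invalid/x.exe"></object>'
          '<iframe src="cid:part1"></iframe><form action="http://example.invalid/login"><input name="pw"></form>'
          '<img src="http://example.invalid/t.gif" width="1" height="1"><img src="cid:logo" width="100" height="40">')
```

Running `strip_mail_html(SAMPLE)` keeps the paragraph and the embedded logo image and lists four removals, which is the per-tag behaviour the message asks for instead of stripping all html.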