Feature request or can MS..??

Hancock, Scott HancockS at MORGANCO.COM
Tue Sep 23 18:45:32 IST 2003 

Thanks Julian,

I set:

Convert HTML To Text = %rules-dir%/convert.html.rules

tab delimited.
jed /opt/MailScanner/etc/rules/convert.html.rules
Virus:  Gibe-F  yes
FromOrTo:       default         no

Please consider adding the attachment feature to the HTML rules.  This
might prevent a user slip up and reduce temptation when outlook rebuilds
the text link automagically.  

The attachment approach could also reduce risk in a situation where
dangerous tags are allowed.  

My 2 cents.

-Scott


>
 >At 15:37 23/09/2003, you wrote:
 >>Please pardon my ignorance and kindly enlighten me if this is already
 >>possible.
 >>
 >>I noticed the HTML links in the Microsoft patch virus emails are
still
 >>intact on the cleaned message.
 >>
 >>Given the attacks against MS IE, is there a way to show the users
 >>mailscanner is working but not let the html body through?
 >
 >Convert HTML To Text = yes
 >
 >or even better....
 >
 >Convert HTML To Text = /etc/MailScanner/convert.html.rules
 >
 >which in turn contains
 >
 >Virus: Gibe-F     yes
 >FromOrTo: default       no
 >
 >which should strip HTML off Gibe-F infected messages, but not others.
You
 >will need at least 4.23-11 to do this. Neat, eh? :-)
 >
 >The other way of doing it is to add Gibe-F to your list of Silent
Viruses
 >(which you should have done already anyway) and "Still Deliver Silent
 >Viruses = no".
 >
 >>I'm thinking even more aggressive than strip html since outlook
rebuilds
 >>html links in text form.  But in lieu of a new action, would it be
easy
 >>to make the options for spam available for treatment of cleaned
viruses
 >>and dangerous HTML?  I could then strip the html and make the message
an
 >>attachment.  That would at least cause my users to stop and think.
Most
 >>of them are trained not to open strange attachments.
 >
 >Non Spam Actions = /etc/MailScanner/rules/non.spam.actions.rules
 >
 >which then contains
 >
 >Virus: Gibe-F   striphtml attachment deliver
 >FromOrTo: default       deliver
 >
 >>Ideally, I think just a report of the virus caught and who sent it or
 >>maybe the internet headers since they don't get forwarded by default
 >>under exchange.
 >>
 >>I realize the value of "who" is useless.  However, I'm betting my
users
 >>would generate a lot of questions without the "who" because some of
them
 >>still can't believe email can be forged.
 >>
 >>I guess I'll set the silent delete for now.
 >>
 >>
 >>Thanks
 >>
 >>-Scott
 >
 >--
 >Julian Field
 >www.MailScanner.info
 >MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list