blocking %00 / %01 exploits with mailscanner?
Chris Yuzik
chris at FRACTALWEB.COM
Mon Jan 19 22:13:03 GMT 2004
At 21:23 19/01/2004, you wrote:
>> On Mon, 19 Jan 2004, Julian Field wrote:
>> > At 20:52 19/01/2004, you wrote:
>> > >Is there a way to get mailscanner to block %00 / %01 uri exploits
>> in the
>> > >body of mails the same way mailscanner can block iframe exploits in
>> the body?
>> > The current best solution is to create a SpamAssassin rule which
>> catches
>> > these and assigns a score of 100.
>>
>> So basically, "no, mailscanner can't do that"? It can block iframe
>> exploits but not URI exploits?
>
I'm with Julian on this one. All that matters is that you block these
extremely dangerous emails from your users. If Spamassassin can do it,
then why "reinvent the wheel" by making MailScanner do it also?
I have MailScanner set to delete (and quarantine) high scoring spam,
which on my server is anything above 15. I have yet to see a
false-positive score that high. If these get deleted without your users
even seeing them, then all the better. There's no way anyone would
accidentally use this exploit in a legitimate email.
Although I haven't seen many of these exploits come though, I have seen
a few in the past week, all purporting to be from Bank of America, Ebay,
and Paypal (so far).
Cheers,
Chris
More information about the MailScanner
mailing list