Another MIME decoder improvement, and script tags

Julian Field mailscanner at ecs.soton.ac.uk
Tue Mar 9 17:53:45 GMT 2004


Which bits of the message should I check?
The other HTML checks are only done in the message body.
If I do them in the attachments as well, how do I identify which files to
check?
There is a whole list of file extensions which Windows will try to render
as HTML:
chm, hta, htm, html, htt, its, mht, mhtml, odc, url, wsf, wsh, xlsmhtml,
xlthtml, xml

Would it be enough to check the message body like I do with the others?
Or should they all start checking attachments as well?

There are consequences to checking the attachments, as it stops people from
simply attaching HTML as an attachment when they want to, quite validly,
send any HTML to each other. For example, applying all the IFRAME checks in
an attachment would severely affect people's ability to send pretty web
pages to each other in attachments.

I don't want to annoy people who are exchanging quite valid files by email,
just because there are people stupid enough to open any attachment they are
sent. People can't even get around it by putting it in a zip file now, let
alone a password-protected one. They are going to get very annoyed!

I would tend towards only checking the message body.

And if I provide a simple list of filename extensions including all those
above, then I could check
1) Any attachments with one of those as a name
2) Any attachments without a name which appear in a message with a subject
ending in one of those
3) Any text/html parts of the message.

All these extra checks will of course affect the speed if they are enabled.

Your thoughts please...

At 16:35 09/03/2004, you wrote:
>Julian,
>
>Yes please. I'm not sure what nasty stuff they're doing, but it's only a
>matter of time before they're used for bad stuff. Please squash 'em. :-)
>
>Cheers,
>Chris
>
>Julian Field wrote:
>
>>While I'm here, how many of you would like me to squash <script> tags in
>>HTML messages?

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
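
The three selection rules listed in the message above, sketched in Python as an added example; this is not MailScanner's code and not part of the original post. Reading "attachment without a name" as a part with `Content-Disposition: attachment` and no filename is an assumption, as are the function names and the constructed sample message.

```python
from email.message import EmailMessage

# Extensions the post lists as ones Windows will try to render as HTML.
HTML_EXTENSIONS = frozenset(
    "chm hta htm html htt its mht mhtml odc url wsf wsh xlsmhtml xlthtml xml".split()
)

def has_html_ext(name):
    """True if name ends in '.<ext>' for one of the listed extensions."""
    name = (name or "").strip()
    if "." not in name:
        return False
    return name.rsplit(".", 1)[1].lower() in HTML_EXTENSIONS

def parts_to_check(msg):
    """Return (rule, label) for each leaf MIME part the three rules select."""
    subject_hit = has_html_ext(msg.get("Subject", ""))
    selected = []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename()
        if name and has_html_ext(name):
            selected.append(("rule1-extension", name))
        # Assumption: "without a name" = disposition attachment, no filename.
        elif not name and part.get_content_disposition() == "attachment" and subject_hit:
            selected.append(("rule2-subject", f"part {index}"))
        elif part.get_content_type() == "text/html":
            selected.append(("rule3-text/html", name or f"part {index}"))
    return selected

def build_sample(subject="invoice.hta"):
    """Constructed sample message: plain and HTML bodies plus three attachments."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("hello")
    msg.add_alternative("<p>hello</p>", subtype="html")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream",
                       filename="page.HTML")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream")
    msg.add_attachment("x", filename="notes.txt")
    return msg

if __name__ == "__main__":
    for rule, label in parts_to_check(build_sample()):
        print(rule, label)
```

Only the parts returned here would go through the HTML tag checks; `notes.txt` and the plain-text body are skipped, which is where the speed cost mentioned in the message is bounded.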


