Dangerous html tag?

Steve Evans sevans at FOUNDATION.SDSU.EDU
Thu Mar 18 14:45:44 GMT 2004


How about two configuration options

Tags to Disarm = ...
Tags to Disallow = ...

And possibly a 
Tags to Allow = ...

Although at the moment I'm not sure what the added value of the third
would be. 


Steve Evans
SDSU Foundation


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Thursday, March 18, 2004 5:57 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Dangerous html tag?

At 12:33 18/03/2004, you wrote:
>Remco Barendse wrote:
>
>>I haven't got a clue whether Object Tags are ever used for something 
>>legit.
>>
>>Could you make the Object Codebase look at the allowed / disallowed 
>>extension list? Any file we do not allow as an attachment form should 
>>be utterly destroyed when in Object Codebase?
>>
>>This would allow mails with images and other stuff we may allow but 
>>not objectionable content.
>>
>>Just an idea :)
>>
>>On Thu, 18 Mar 2004, Julian Field wrote:
>>
>>
>>
>
>Julian, is it feasible to consider a list of tags that are
>disarmed/banned/allowed? So in the future we could just add the tag to
>an existing list and it will be destroyed? Or something like this,
>similarly modular, to save upgrading MS for this same thing (catching
>tags) in the future?

Certainly feasible. I will take a look, and agree it would be a good
idea.
How would we handle the yes/no/disarm values for each one?
The yes/no is easy, just block it if it's in the list. But the disarm
option?
And what about being able to use a ruleset? The ruleset would have to
apply to the whole configuration option, not just the separate bits of
it.
And what about the report message included whenever one or more of these
tags are found?

Allow HTML tags = iframe=yes form=disarm object/codebase=no object/data=no

So "yes" would be the same as not listing the tag at all, the other
possibilities would be "no" and "disarm". Complex tags like <Object
Codebase=...> would be separated with a "/".

That looks ugly. Can someone come up with something better?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
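To make the proposed option concrete, here is an added example (mine, not MailScanner's code, and in Python rather than MailScanner's Perl) that parses a value in exactly the "tag[/attr]=yes|no|disarm" shape sketched above and applies it to a message body. Assumptions not in the thread: a "tag/attr" entry matches only when that attribute is present on the tag, a bare tag entry applies otherwise, unlisted tags are treated as "yes"; "no" anywhere means the whole message is blocked; "disarm" replaces the opening tag with an HTML comment and leaves the closing tag alone; the report is a plain list of what was hit. Names such as parse_policy, scan and SAMPLE_OPTION are my own.

```python
from html.parser import HTMLParser

ACTIONS = ("yes", "no", "disarm")

# The option value from the thread, used as sample input (assumption: this exact syntax).
SAMPLE_OPTION = "iframe=yes form=disarm object/codebase=no object/data=no"


def parse_policy(value):
    """Turn 'iframe=yes form=disarm object/codebase=no' into a lookup table.

    Keys are (tag, attr) with attr=None for a bare tag entry; tag and attribute
    names are lower-cased so <OBJECT CODEBASE=...> matches object/codebase.
    """
    policy = {}
    for item in value.split():
        key, sep, action = item.partition("=")
        if not sep or action.lower() not in ACTIONS:
            raise ValueError(f"bad entry {item!r}: expected tag[/attr]=yes|no|disarm")
        tag, _, attr = key.lower().partition("/")
        policy[(tag, attr or None)] = action.lower()
    return policy


def action_for(policy, tag, attr_names):
    """Most specific entry wins: tag/attr before bare tag; unlisted tags are 'yes'."""
    for attr in attr_names:
        if (tag, attr) in policy:
            return policy[(tag, attr)]
    return policy.get((tag, None), "yes")


class TagScanner(HTMLParser):
    """Records the byte span of every opening tag the policy does not allow outright."""

    def __init__(self, policy, html):
        super().__init__()
        self.policy = policy
        # absolute offset of each line start, so getpos() can be turned into a slice
        self.line_starts = [0] + [i + 1 for i, ch in enumerate(html) if ch == "\n"]
        self.hits = []  # (start, end, tag, action) in document order

    def _record(self, tag, attrs):
        action = action_for(self.policy, tag, [name for name, _ in attrs])
        if action == "yes":
            return
        line, col = self.getpos()  # position of the '<' that opened this tag
        start = self.line_starts[line - 1] + col
        end = start + len(self.get_starttag_text())
        self.hits.append((start, end, tag, action))

    def handle_starttag(self, tag, attrs):
        self._record(tag, attrs)

    def handle_startendtag(self, tag, attrs):  # <object ... /> form
        self._record(tag, attrs)


def scan(policy, html):
    """Return (verdict, rewritten_html, report).

    verdict is 'block' (some tag was 'no'; rewritten_html is None), 'disarm'
    (only 'disarm' hits; tags rewritten) or 'allow' (nothing matched).
    """
    scanner = TagScanner(policy, html)
    scanner.feed(html)
    scanner.close()
    report = [f"{action} <{tag}>" for _, _, tag, action in scanner.hits]
    if any(action == "no" for *_, action in scanner.hits):
        return "block", None, report
    out, last = [], 0
    for start, end, tag, _ in scanner.hits:
        out.append(html[last:start])
        # assumption: disarming means neutralising the opening tag as a comment
        out.append(f"<!-- {tag} tag disarmed by policy -->")
        last = end
    out.append(html[last:])
    return ("disarm" if scanner.hits else "allow"), "".join(out), report


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_OPTION)
    # constructed sample bodies, not real mail
    for body in (
        '<form action="http://example.invalid/">hi</form>',
        '<p>x</p>\n<OBJECT CODEBASE="http://example.invalid/a.exe"></OBJECT>',
        '<object width="1"></object>',
    ):
        verdict, rewritten, report = scan(policy, body)
        print(verdict, report, rewritten)
```

Note what the attribute-keyed entries do and do not cover: with this policy an <object> that carries neither codebase nor data passes as "yes", which is the behaviour the syntax above implies; add a bare "object=no" entry if every <object> should be refused.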



