Dangerous html tag?
Kai Schaetzl
maillists at CONACTIVE.COM
Thu Mar 18 17:31:44 GMT 2004
Julian Field wrote on Thu, 18 Mar 2004 13:57:27 +0000:
> Allow HTML tags = iframe=yes form=disarm object/codebase=no object/data=no
>
> So "yes" would be the same as not listing the tag at all, the other
> possibilities would be "no" and "disarm". Complex tags like <Object
> Codebase=...> would be separated with a "/".
>
> That looks ugly. Can someone come up with something better?
>
use a ruleset for this?
<OBJECT* ... </OBJECT> deliver/store/remove/disarm
<HTML* ... </HTML> deliver/store/remove/disarm
store would store the message but leave intact
remove will remove the complete code block including the content
disarm just removes the opening and end tags
depending on an extra deliver or store the removed or disarmed messages are
either delivered or stored
this should be added to silent viruses, possibly
Related matter: at what stage do you do this processing? F.i. SA relies on
an "unspoiled" message structure.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
More information about the MailScanner
mailing list