Dangerous html tag?
Ken Anderson
ka at PACIFIC.NET
Thu Mar 18 17:53:58 GMT 2004
Kai Schaetzl wrote:
> Julian Field wrote on Thu, 18 Mar 2004 11:38:48 +0000:
>
>
>>I now block all Object Data tags as well as Object Codebase.
>>Whether I want to block all Object tags is up for discussion.
>>Your thoughts please?
>>
>
>
> There is no good reason to have iframe, object, embed and the like in an
> email, wipe them all!
I'd agree, but our customers are the public, not a private company or
govt agency, so we have to allow quite a bit. We initially had this set
to NO, but had to revert to ALLOW when some users complained that many
greeting cards were not viewable. But, with the current round of
viruses, and because it's not Christmas right now, we've changed it to
disarm. I'm expecting some complaints and a few new per user rules for
those customers that exchange a lot of this type of email.
So, the more finely tuned we can make this, the better. For example,
flash objects are blocked when Object Codebase is set to no. It would be
nice to allow loading remote flash objects, remote midi embeds, etc..
and still block port 81 bagel urls that request php scripts.
Maybe I'd be better off doing that with a SA rule?
Ken A.
Pacific.Net
>
> Kai
>
> --
>
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
>
>
More information about the MailScanner
mailing list