Dangerous html tag?

Ken Anderson ka at PACIFIC.NET
Thu Mar 18 17:53:58 GMT 2004


Kai Schaetzl wrote:

> Julian Field wrote on         Thu, 18 Mar 2004 11:38:48 +0000:
> 
> 
>>I now block all Object Data tags as well as Object Codebase.
>>Whether I want to block all Object tags is up for discussion.
>>Your thoughts please?
>>
> 
> 
> There is no good reason to have iframe, object, embed and the like in an
> email, wipe them all!


I'd agree, but our customers are the public, not a private company or 
govt agency, so we have to allow quite a bit. We initially had this set 
to NO, but had to revert to ALLOW when some users complained that many 
greeting cards were not viewable. But, with the current round of 
viruses, and because it's not Christmas right now, we've changed it to 
disarm. I'm expecting some complaints and a few new per user rules for 
those customers that exchange a lot of this type of email.

So, the more finely tuned we can make this, the better. For example, 
flash objects are blocked when Object Codebase is set to no. It would be 
nice to allow loading remote flash objects, remote midi embeds, etc.. 
and still block port 81 bagel urls that request php scripts.

Maybe I'd be better off doing that with a SA rule?

Ken A.
Pacific.Net

> 
> Kai
> 
> --
> 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
> 
> 




More information about the MailScanner mailing list