Dangerous html tag?

Pete pete at eatathome.com.au
Thu Mar 18 21:52:36 GMT 2004


Julian Field wrote:

> At 12:33 18/03/2004, you wrote:
>
>> Remco Barendse wrote:
>>
>>> I haven't got a clue whether Object Tags are ever used for something
>>> legit.
>>>
>>> Could you make the Object Codebase look at the allowed / disallowed
>>> extension list? Any file we do not allow as an attachment form should be
>>> utterly destroyed when in Object Codebase?
>>>
>>> This would allow mails with images and other stuff we may allow but not
>>> objectionable content.
>>>
>>> Just an idea :)
>>>
>>> On Thu, 18 Mar 2004, Julian Field wrote:
>>>
>>>
>>>
>>
>> Julian is it feasible to consider a list of tags that are
>> disarmed/banned/allowed ? So in the future we could just add the tag to
>> an existing list and it will be destroyed? Or something like this
>> similarly modular to save upgrading MS for this same thing (catching
>> tags) in the future?
>
>
> Certainly feasible. I will take a look, and agree it would be a good idea.
> How would we handle the yes/no/disarm values for each one?
> The yes/no is easy, just block it if it's in the list. But the disarm option?
> And what about being able to use a ruleset? The ruleset would have to apply
> to the whole configuration option, not just the separate bits of it.
> And what about the report message included whenever one or more of these
> tags are found?
>
> Allow HTML tags = iframe=yes form=disarm object/codebase=no object/data=no
>
> So "yes" would be the same as not listing the tag at all, the other
> possibilities would be "no" and "disarm". Complex tags like <Object
> Codebase=...> would be separated with a "/".
>
> That looks ugly. Can someone come up with something better?
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>
Hi Julian, maybe a rule set depending on origin, or would this have to
be from * ?
iframe   @homedomain.com yes/no/disarm

I don't notify anyone of anything now, so I would if I was disarming tags
either - maybe this question could be answered by someone who does use
notifications?
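
The option syntax floated in the quoted message, worked through as an added example (not code from this thread or from MailScanner): it parses the `tag[/attr]=yes|no|disarm` items and reports which action a message body would trigger. The function names, the sample bodies and the rule that "no" outranks "disarm" are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Option value as proposed in the thread (joined onto one line).
PROPOSED = "iframe=yes form=disarm object/codebase=no object/data=no"
ACTIONS = {"yes", "no", "disarm"}

def parse_tag_policy(value):
    """Parse 'tag[/attr]=action' items into {(tag, attr_or_None): action}."""
    policy = {}
    for item in value.split():
        name, sep, action = item.partition("=")
        tag, _, attr = name.lower().partition("/")
        if not sep or not tag or action.lower() not in ACTIONS:
            raise ValueError(f"bad entry {item!r}: want tag[/attr]=yes|no|disarm")
        policy[(tag, attr or None)] = action.lower()
    return policy

class TagScanner(HTMLParser):
    """Collects (tag, attr, action) for every start tag matching a non-'yes' entry."""
    def __init__(self, policy):
        super().__init__()
        self.policy, self.hits = policy, []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        present = {name for name, _ in attrs}
        for (ptag, pattr), action in self.policy.items():
            if action != "yes" and ptag == tag and (pattr is None or pattr in present):
                self.hits.append((tag, pattr, action))

def message_verdict(html, policy):
    """Assumed precedence: any 'no' hit blocks the message, else 'disarm', else 'yes'."""
    scanner = TagScanner(policy)
    scanner.feed(html)
    scanner.close()
    actions = {action for _, _, action in scanner.hits}
    verdict = "no" if "no" in actions else "disarm" if "disarm" in actions else "yes"
    return verdict, scanner.hits

if __name__ == "__main__":
    policy = parse_tag_policy(PROPOSED)
    # Constructed sample bodies, not taken from real mail.
    for body in ('<p>hi</p><iframe src="a.html"></iframe>',
                 '<form action="/x"><input name="q"></form>',
                 '<OBJECT CODEBASE="http://example.invalid/a.cab"></OBJECT>',
                 '<object type="image/png"></object>'):
        print(message_verdict(body, policy))
```

Unlisted tags fall through to "yes", matching the statement in the thread that "yes" is the same as not listing the tag at all.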


