What causes this hit?
Ugo Bellavance
ugob at CAMO-ROUTE.COM
Fri Mar 26 04:59:41 GMT 2004
>-----Message d'origine-----
>De : Pete [mailto:pete at eatathome.com.au]
>Envoyé : 25 mars, 2004 23:47
>À : MAILSCANNER at JISCMAIL.AC.UK
>Objet : Re: What causes this hit?
>
>
>Mike Kercher wrote:
>
>>Allow IFrame Tags = yes
>>Log IFrame Tags = yes
>>Allow Form Tags = yes
>>Convert Dangerous HTML To Text = no
>>Convert HTML To Text = no
>>
>>I believe these to be the relevant settings from my
>MailScanner.conf Did I
>>miss something?/
>>
>>Mike
>>
>>
>>
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
>>>Sent: Thursday, March 25, 2004 8:29 PM
>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>Subject: Re: What causes this hit?
>>>
>>>
>>>
>>>>-----Message d'origine-----
>>>>De : Mike Kercher [mailto:mike at CAMAROSS.NET] Envoyé : 25 mars, 2004
>>>>20:58 À : MAILSCANNER at JISCMAIL.AC.UK Objet : What causes this hit?
>>>>
>>>>
>>>>Report: MailScanner: Found a script in HTML message
>>>>
>>>>
>>>>
>>>Your HTML settings in MailScanner.conf?
>>>
>>>
>>>
>>>>Mike
>>>>
>>>>
>>>>
>>
>>
>>
>>
>>
>But didnt that rules used to say Found Iframe Exploit or something?
>
>I have been trying to work out how to let one of these through
>just now,
>just to release one from quyarantine to a user - grrr
>I followed this eventually, which kinda works, in that it releases a
>copy but also runs another capturted copy through mailwatch - weird.
Pretty hard to deal with, since it is considered like a virus I think.
Maybe better off using command-line to release it instead of MailWatch, since Mailwatch (I think) doesn't allow virus release.
>
More information about the MailScanner
mailing list