Detected HTML-specific exploits
Andrew Stubbs
andrews at stusoft.com
Sat May 1 12:11:57 IST 2004
I am getting the following virus warning:
Sender: xxxx at returns.groups.yahoo.com
IP Address: xxx.xx.xxx.xxx
Recipient: xxxx
Subject: Re: xxxxxx
MessageID: i41AvJf4029007
Report: MailScanner: Found a script in HTML message
I have the following setup:
Allow IFrame Tags = yes
Allow Form Tags = yes
Allow Object Codebase Tags = yes
Which AFAIK should stop the scanning of HTML mail.
The trigger is this, I think. It is inside a YAHOO advert from a yahoo
groups email
</script>
<script language=JavaScript
src=http://us.a1.yimg.com/us.yimg.com/a/1-/jscodes/031016/ct_lrec_031016.js>
</script>
I have also whitelisted the yahoo groups emails as well. I would have
thought the whitelisting should pre-empt everything. I do not want to alter
filename.rules.conf to allow .js - as this would be suicidal.
What have I done wrong ?
Andrew
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list