Detected HTML-specific exploits

Jason Burzenski jburzenski at AMERICANHM.COM
Mon May 17 14:53:25 IST 2004


I figured as much.  I suppose I was looking for a more specific log entry or
that I wanted to validate that this log entry could correspond to a script
block and was not some other ruleset somewhere that I didn't know about
(there is no clear indication of what an HTML-specific exploit is if you are
just looking at logs and don't realize it is object codebase, forms,
iframes, scripts, etc).

I have reviewed the disarm setting and the "not 100% effective" concerns me.
I may use a ruleset to "disarm" from certain domains that we need to permit
for busines purposes and leave the rest of the world set to no.  Has anyone
seen any situations where disarm permitted exploit code through?

> That is your answer.
>
> If you are blocking script tags then you do run the risk of
> blocking HTML emails. A more sane setting would be "disarm"

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040517/0681330f/attachment.html


More information about the MailScanner mailing list