Feature request: HTML Content Checks

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Tue Jan 18 15:13:20 GMT 2005


Is it possible to add to the logged "Content Checks: Detected
HTML-specific exploits in ..." messages the actual HTML exploit that
caused the message? 

That is, I am asking for one of the strings "HTML-Iframe",
"HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form" to be added
as appropriate to the message.

At present we only have info on IFrame exploits through the separate
logging facility for that tag. I would like this additional info for the
same reason you provided the IFrame logging - to identify the
envelope-From address that may need to be added to the rules file to
exempt that address from the actions normally applied to that exploit.


PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
"Any opinion expressed above is mine. The University can get its own." 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
