Feature request: HTML Content Checks
Julian Field
MailScanner at ecs.soton.ac.uk
Tue Jan 18 16:24:22 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
The new logging configuration option is called
Log Dangerous HTML Tags
and has replaced the old Log IFrame Tags.
When you run upgrade_MailScanner_conf, the old option will be removed
and the new one inserted. To save on log output and because it is
reasonable for production use, the new option is switched off by default.
Quentin --- Sorry for not remembering to do this earlier!
Julian Field wrote:
> Is this okay?
>
> HTML-Object
> HTML-Script
> HTML-Form
> HTML-IFrame
>
> with the same log line format as the current log iframe tags gives you.
> I will remove the log iframe tags option and replace it with log html
> tags.
>
>
> Quentin Campbell wrote:
>
>> ulian
>>
>> Is it possible to add to the logged "Content Checks: Detected
>> HTML-specific exploits in ..." messages the actual HTML exploit that
>> caused the message?
>>
>> That is, I am asking for one of the strings "HTML-Iframe",
>> "HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form" to be added
>> as appropriate to the message.
>>
>> At present we only have info on IFrame exploits through the separate
>> logging facility for that tag. I would like this additional info for the
>> same reason you provided the IFrame logging - to identify the
>> envelope-From address that may need to be added to the rules file to
>> exempt that address from the actions normally applied to that exploit.
>>
>> Thanks
>>
>> Quentin
>> ---
>> PHONE: +44 191 222 8209 Information Systems and Services (ISS),
>> University of Newcastle,
>> Newcastle upon Tyne,
>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
>> ------------------------------------------------------------------------
>> "Any opinion expressed above is mine. The University can get its own."
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list