Feature request: HTML Content Checks
Quentin Campbell
Q.G.Campbell at NEWCASTLE.AC.UK
Tue Jan 18 16:25:37 GMT 2005
Julian
Thanks. That would do the job.
In fact your suggested way is better because the logged line will also
include the envelope-sender address.
Note though that if people chose "Log HTML Tags = yes" and if they also
chose to strip HTML on, say, the occurrence of an IFrame tag in a
message then three lines will be logged:
Jan 18 04:03:29 cheviot4 MailScanner[29462]: HTML IFrame tag found in
message
j0I43C12031986 from boston at changing_boston.net
Jan 18 04:03:29 cheviot4 MailScanner[29462]: Content Checks: Detected
HTML-specific exploits in j0I43C12031986
Jan 18 04:03:29 cheviot4 MailScanner[29462]: Content Checks: Detected
and will convert HTML message to plain text in j0I43C12031986
I am happy to live with that if it simplifies the additional coding you
have to do!
Regards
Quentin
---
PHONE: +44 191 222 8209 Information Systems and Services (ISS),
University of Newcastle,
Newcastle upon Tyne,
FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."
>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 18 January 2005 15:25
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Feature request: HTML Content Checks
>
>Is this okay?
>
>HTML-Object
>HTML-Script
>HTML-Form
>HTML-IFrame
>
>with the same log line format as the current log iframe tags gives you.
>I will remove the log iframe tags option and replace it with
>log html tags.
>
>
>Quentin Campbell wrote:
>
>>ulian
>>
>>Is it possible to add to the logged "Content Checks: Detected
>>HTML-specific exploits in ..." messages the actual HTML exploit that
>>caused the message?
>>
>>That is, I am asking for one of the strings "HTML-Iframe",
>>"HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form"
>to be added
>>as appropriate to the message.
>>
>>At present we only have info on IFrame exploits through the separate
>>logging facility for that tag. I would like this additional
>info for the
>>same reason you provided the IFrame logging - to identify the
>>envelope-From address that may need to be added to the rules file to
>>exempt that address from the actions normally applied to that exploit.
>>
>>Thanks
>>
>>Quentin
>>---
>>PHONE: +44 191 222 8209 Information Systems and Services (ISS),
>> University of Newcastle,
>> Newcastle upon Tyne,
>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
>>--------------------------------------------------------------
>----------
>>"Any opinion expressed above is mine. The University can get its own."
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>
>>
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list