Virus in HTML Email Style Sheet

Derek Winkler dwinkler at ALGORITHMICS.COM
Tue Mar 29 15:23:45 IST 2005

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Here's the HTML source for a message that had a virus in it...

Hey Love<br>I reserved us a place at huoston's tonight.<br>starting to be
hungry already, for you!!<br>Bob
<style>* {CURSOR: url("")}</style>

When the CURSOR is retrieved it has Trojan.Moo in it according to NAV.

MailScanner did not catch this.

Should there be a disarm URLs in style sheets setting in MailScanner?

Does anyone know of a virus scanner that checks URLs in email as well? I
thought Clam was doing this.




This email and any files transmitted with it are confidential and
proprietary to Algorithmics Incorporated and its affiliates
("Algorithmics").  If received in error, use is prohibited.  Please destroy,
and notify sender.  Sender does not waive confidentiality or privilege.
Internet communications cannot be guaranteed to be timely, secure, error or
virus-free.  Algorithmics does not accept liability for any errors or
omissions.  Any commitment intended to bind Algorithmics must be reduced to
writing and signed by an authorized signatory.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list