MailScanner: Found dangerous Object Codebase/Data tag in HTML message

Julian Field MailScanner at ecs.soton.ac.uk
Sat Oct 29 14:09:19 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Information Services wrote:

>I had a user that wanted to receive a newletter, but it was being blocked.
>Looking through the archives I found what I need to do to take care of
>this problem.  I edited MailScanner.conf and changed to:
>
>Allow Object Codebase Tags = /etc/MailScanner/rules/object.code.rules
>
>The contents of object.code.rules:
>
># This file is to allow Object Codebase Tags from APPROVED domains.
># This next line gives an example of how you might enable this option for
># a frequent customer of yours.
>#From:		yourcustomer.com	yes
>From:		marketwatchmail.com	yes
>
># Under no circumstances should this be changed to "yes".
>FromOrTo:	default			no
>#
>#
>  
>
That's correct. You might want to consider saying "disarm" rather than 
"yes" as they probably don't actually need the message to be executing 
on their system, just so they can read it!

>
>I stopped MailScanner, and sendmail,  did a ps -ef | grep ail to make
>sure MailScanner and sendmail did in fact stop. Then started
>MailScanner again.  I am trying to release the message to the user,
>but it continues to be blocked.  What am i missing?
>
You must have put the message in MailScanner's incoming queue. If you 
find that the ruleset isn't being obeyed, then check the 
"X-MailScanner-From" header to check the address you are blocking is the 
right one, as MailScanner doesn't ever use the "From:" header value. It 
uses the envelope address instead.

>  I went into
>/var/spool/MailScanner/archives/%date%/%files% and tried to open them
>in a browser but they are garbled up.  What do I need to do in order
>to get this newsletter to the user?
>  
>
You are probably quaranting the whole message. In this case it is in the 
form to be dropped into the outgoing queue of your MTA, as defined by 
"Outgoing Queue Dir" in MailScanner.conf. If you are using Postfix then 
you have to be careful to put it in the correct directory and get all 
the ownership and permissions correct (use a file that is already there 
to work from).

Once you have put it in the outgoing queue, then just tell your MTA to 
do a queue run, or else just leave it to be picked up by the next 
regular queue run if you aren't worried about it going out immediately.

Hope that helps.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ2N0gBH2WUcUFbZUEQIy8wCdGRDs6is6THKnKSjmKfK+YyeVa1cAoJEI
ncGUMIQ7w+7eA5DXpba9gdPT
=fmeN
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list