MailScanner: Found dangerous Object Codebase/Data tag in HTML
message
Julian Field
MailScanner at ecs.soton.ac.uk
Sat Oct 29 14:09:19 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Information Services wrote:
>I had a user that wanted to receive a newletter, but it was being blocked.
>Looking through the archives I found what I need to do to take care of
>this problem. I edited MailScanner.conf and changed to:
>
>Allow Object Codebase Tags = /etc/MailScanner/rules/object.code.rules
>
>The contents of object.code.rules:
>
># This file is to allow Object Codebase Tags from APPROVED domains.
># This next line gives an example of how you might enable this option for
># a frequent customer of yours.
>#From: yourcustomer.com yes
>From: marketwatchmail.com yes
>
># Under no circumstances should this be changed to "yes".
>FromOrTo: default no
>#
>#
>
>
That's correct. You might want to consider saying "disarm" rather than
"yes" as they probably don't actually need the message to be executing
on their system, just so they can read it!
>
>I stopped MailScanner, and sendmail, did a ps -ef | grep ail to make
>sure MailScanner and sendmail did in fact stop. Then started
>MailScanner again. I am trying to release the message to the user,
>but it continues to be blocked. What am i missing?
>
You must have put the message in MailScanner's incoming queue. If you
find that the ruleset isn't being obeyed, then check the
"X-MailScanner-From" header to check the address you are blocking is the
right one, as MailScanner doesn't ever use the "From:" header value. It
uses the envelope address instead.
> I went into
>/var/spool/MailScanner/archives/%date%/%files% and tried to open them
>in a browser but they are garbled up. What do I need to do in order
>to get this newsletter to the user?
>
>
You are probably quaranting the whole message. In this case it is in the
form to be dropped into the outgoing queue of your MTA, as defined by
"Outgoing Queue Dir" in MailScanner.conf. If you are using Postfix then
you have to be careful to put it in the correct directory and get all
the ownership and permissions correct (use a file that is already there
to work from).
Once you have put it in the outgoing queue, then just tell your MTA to
do a queue run, or else just leave it to be picked up by the next
regular queue run if you aren't worried about it going out immediately.
Hope that helps.
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)
iQA/AwUBQ2N0gBH2WUcUFbZUEQIy8wCdGRDs6is6THKnKSjmKfK+YyeVa1cAoJEI
ncGUMIQ7w+7eA5DXpba9gdPT
=fmeN
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list