Problem with HTML disarm
MailScanner at ecs.soton.ac.uk
Wed Dec 26 21:48:03 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Julian Field wrote:
> * PGP Signed: 12/21/07 at 17:42:14
> Hugo van der Kooij wrote:
>> > Old Signed by an unknown key
>> shuttlebox wrote:
>>> I've recently been involved in debugging Nortel HW and their support
>>> made some remarks about how MailScanner disarms HTML I wanted to share
>>> with the list.
>>> Anyone else this has happened to? Opinions? Could this be added to MS
>>> for more correct HTML rendering?
>> I have not been bitten by it. But their remark is a valid concern and
>> their proposed solution makes sense to me.
>> I would recommend to disable script that way in MailScanner.
> I'll take a look, but no guarantees as it's not just a tag replacement.
> Current planned improvements are:
> 1) etrust-autoupdate needs fixing to use the correct autoupdater in
> the latest version, while not breaking backwards compatibility with
> any previous versions.
Done that one.
> 2) Produce a customised report on receipt of password-protected
> archives, back to sender.
> 3) Comment out scripts in HTML emails, and some other HTML email.
Currently the entire text of the script should be removed, not just
commented out. Is this not working? With your example, I get the HTML
without the <script> tags nor the content.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.7.0 (Build 1012)
Comment: Use Thunderbird's Enigmail Add-on to verify this message
-----END PGP SIGNATURE-----
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner