script disarming and large javascript messages
Steve Freegard
steve.freegard at fsl.com
Fri Nov 28 09:37:43 GMT 2008
Greg Matthews wrote:
> Is anyone else seeing a problem with disarming scripts within email
> resulting in messages containing ~200k of disarmed javascript? This
> looks like complete nonsense to the recipient.
Why are you getting e-mail with Javascript in it in the first place? I
can't think of any e-mail clients that will run any javascript due to the
security issues of doing so.
> The script contains lots of references to Dana<foo>, here is a typical
> first chunk:
>
> var DanaShimData="var DSJsFuncs =
> [null,null,[{nm:\"go\",flg:0xf},{nm:\"dJ\",flg:0x37},],null,[{nm:\"item\",flg:0xf},{nm:\"href\",flg:0xf},{nm:\"save\",lcnm:\"save\",flg:0xb},{nm:\"open\",lcnm:\"open\",flg:0x3b},{nm:\"load\",lcnm:\"load\",flg:0x3b},{nm:\"eval\",flg:0x57},],.......
>
>
> Note that the lines are very long, sometimes over 5000 characters!
1000 characters including the CRLF is the maximum line length allowed by
the RFC. Is this the case pre-disarming?
> Is there any alternative to simply turning off script disarming? Seems
> drastic and possibly dangerous.
I'd definitely be finding out what this stuff is doing in an e-mail in
the first place.
Cheers,
Steve.
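
Added example (not part of the original post, and not MailScanner code): one way to answer the "pre-disarming" question is to run a check like this over the raw message as it arrived. It reports lines longer than the 1000-character limit quoted above and how many bytes of script the HTML parts carry. The function names and the sample message are constructed for illustration.

```python
import email
import re
from email import policy

MAX_LINE = 1000  # characters per line including CRLF, the limit quoted in the post

# Body of each <script>...</script> element in an HTML part.
SCRIPT_RE = re.compile(rb"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)

def overlong_lines(raw: bytes, limit: int = MAX_LINE):
    """Return (line_number, length_including_crlf) for each line over the limit."""
    hits = []
    for n, line in enumerate(raw.splitlines(), start=1):
        length = len(line) + 2  # count the CRLF terminator
        if length > limit:
            hits.append((n, length))
    return hits

def script_bytes(raw: bytes) -> int:
    """Total bytes of script content across all text/html parts, after
    undoing any base64 / quoted-printable transfer encoding."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    total = 0
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            total += sum(len(m) for m in SCRIPT_RE.findall(body))
    return total

# Constructed sample: an HTML message with one 5000+ character script line.
SAMPLE = (
    b"From: a@example.com\r\n"
    b"To: b@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"\r\n"
    b"<html><body><p>hello</p>\r\n"
    b"<script>var x=\"" + b"A" * 5000 + b"\";</script>\r\n"
    b"</body></html>\r\n"
)

if __name__ == "__main__":
    for lineno, length in overlong_lines(SAMPLE):
        print(f"line {lineno}: {length} characters (limit {MAX_LINE})")
    print(f"script content in HTML parts: {script_bytes(SAMPLE)} bytes")
```

Running the same two functions on the message before and after disarming shows whether the long lines were already present on arrival.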