HTML form scanning?

Jon Dustin jdustin at
Mon Apr 6 16:47:46 IST 2009

Greetings -

I have MailScanner v4.74.16-1 running on a few SLES boxes. Hopefully this is "recent enough" for most features.

This morning an "interesting" mailfile slipped through MS: 

If you care to decode the base64 attachment, it is an HTML form that appears to take much of its content from Visa, with one key change:

form name="frm" action="" method="post" onsubmit="return valFrm()"

If I'm not mistaken, this is trying to redirect the user's credit card details to 

Should this message have been flagged? Or at least been marked in the HTML-part as "fraud attempt"?

Or is the encoded-part throwing off MS? Thanks for any assistance/suggestions you may be able to provide.


Jon Dustin - Network Specialist
University of Southern Maine
Portland, ME  207-780-4152

More information about the MailScanner mailing list