Allow WebBug

Glenn Steen glenn.steen at gmail.com
Fri Feb 6 12:52:34 GMT 2009 

2009/2/6 Michael Mansour <micoots at yahoo.com>:
> Hi,
>
> I have a client who asked for the disarmed messages to be removed from his emails.
>
> I searched through the MailScanner config and could only find areas which would remove the disarmed message from the subject line, not the message body.
>
> Is there a way that the message can continue to be disarmed while not showing the disarmed notification in the message body?
>
> After discussing this with him, he asked that the "Allow WebBug" feature be enabled for him. After configuring and setting the ruleset:
>
> To:           blah at blah.com        no
> FromOrTo:     default              disarm
>
> a day went by with that and he then informed me that he was no longer receiving HTML emails, but plain text for emails he knew where originally HTML.
>
> I tried to reproduce this problem but couldn't, so reverted him back to disarmed emails.
>
> Does anyone know of any bug with MailScanner that would cause the "Allow WebBug" feature to strip HTML?
>
> I haven't ruled out the possibility that he has a virus scanner installed on his PC which may be doing this, but I also use MailWatch and when he releases the email from MailWatch it comes through as HTML, while the original send he says is only text based.
>
> I'm using mailscanner-4.73.1-1
>
> Any suggestions are appreciated.
>
> Michael.
>
Hello Michael,

Why not set it to use with Jules nice ... replacement gif? If you have
Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif
With that, the evil "counters" will be replaced with Jules nice
well-behaved one:).
I've never seen that generating any "Disarmed" notices in the actual code.
What can, and do, happen with the various "disarmaments" MS can do is
that it might invalidate a block av code, so that the code block get
interpreted as plain text. I've mostly seen that with script tags
(which I disarm).
I've never informed my users of disarmament via the Subjetc line
rewriting. It would only cause unwarranted anxiety:-).
I think you should look long and hard at what the implications are of
setting "Convert Dangerous HTML To Text = yes" in conjunction with the
disarm instructions. I have that set to "no", even though that might
open a small window of opportunity for the bad guys.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list