Allow WebBug

Glenn Steen glenn.steen at
Fri Feb 6 12:52:34 GMT 2009

2009/2/6 Michael Mansour <micoots at>:
> Hi,
> I have a client who asked for the disarmed messages to be removed from his emails.
> I searched through the MailScanner config and could only find areas which would remove the disarmed message from the subject line, not the message body.
> Is there a way that the message can continue to be disarmed while not showing the disarmed notification in the message body?
> After discussing this with him, he asked that the "Allow WebBug" feature be enabled for him. After configuring and setting the ruleset:
> To:           blah at        no
> FromOrTo:     default              disarm
> a day went by with that and he then informed me that he was no longer receiving HTML emails, but plain text for emails he knew where originally HTML.
> I tried to reproduce this problem but couldn't, so reverted him back to disarmed emails.
> Does anyone know of any bug with MailScanner that would cause the "Allow WebBug" feature to strip HTML?
> I haven't ruled out the possibility that he has a virus scanner installed on his PC which may be doing this, but I also use MailWatch and when he releases the email from MailWatch it comes through as HTML, while the original send he says is only text based.
> I'm using mailscanner-4.73.1-1
> Any suggestions are appreciated.
> Michael.
Hello Michael,

Why not set it to use with Jules nice ... replacement gif? If you have
Web Bug Replacement =
With that, the evil "counters" will be replaced with Jules nice
well-behaved one:).
I've never seen that generating any "Disarmed" notices in the actual code.
What can, and do, happen with the various "disarmaments" MS can do is
that it might invalidate a block av code, so that the code block get
interpreted as plain text. I've mostly seen that with script tags
(which I disarm).
I've never informed my users of disarmament via the Subjetc line
rewriting. It would only cause unwarranted anxiety:-).
I think you should look long and hard at what the implications are of
setting "Convert Dangerous HTML To Text = yes" in conjunction with the
disarm instructions. I have that set to "no", even though that might
open a small window of opportunity for the bad guys.

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list