Code inside message
Mark Sapiro
mark at msapiro.net
Thu Sep 7 16:30:08 UTC 2017
On 09/07/2017 05:38 AM, M A Young wrote:
> On Thu, 7 Sep 2017, Eoin Kim wrote:
>
>> One of managers in my company is getting Google Alert emails daily. On
>> arrival, the message shows {Disarmed} in the subject. When he opens the
>> message in Outlook, it looks like the whole message content shows up but
>> above it, a bunch of JSON codes are showing as well. Are there any related
>> configuration in MailScanner regarding this or is this an issue with
>> Outlook? Thank you very much.
>
> I suspect the json code is in a <script> block, which Mailscanner disarms
> by renaming it. The result is that the json code becomes visible, but it
> protects against and malicious code in such blocks that might get run.
You can control this in MailScanner via the Allow Script Tags setting
<https://www.mailscanner.info/MailScanner.conf.index.html#Allow%20Script%20Tags>.
You could make a rule set for this which would set "no" for these mails.
E.g., something like
From host:*.google.com no
FromorTo default disarm
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list