HTML links disarm?

mailscanner at barendse.to mailscanner at barendse.to
Mon Feb 7 10:03:45 UTC 2022


On Fri, 4 Feb 2022, Mark Sapiro wrote:

> On 2/4/22 06:11, mailscanner at barendse.to wrote:
>> 
>> Thanks!  I already have "Convert Dangerous HTML To Text = yes" in my 
>> config but that doesn't disarm every link in emails.  I am looking to do 
>> something like safelinks.protection.outlook.com where *every* link to 
>> outside world gets modified. Converting all email into plain text would 
>> still leave the links intact.
>
> Currently, MailScanner's disarming of links doesn't actually remove the 
> link or modify the target, but rather just changes the displayed text to 
> add a warning.
>
> Doing what you want would, I think, require significant code 
> modification. Perhaps we could implement some kind of plugin 
> architecture where you could specify a perl script to be used to filter 
> a message, but that doesn't currently exist.

Thanks!  Something which breaks the link in a way that it doesn't work 
without manual intervention would already help.

For example changing the http:// into pttp:// requiring the user to 
manually copy the link and correcting it would already help. They will 
then have to inspect the link and will see that they are trying to open a 
link to www.hax0rsinspace.com rather than www.dhl.com


More information about the MailScanner mailing list