>it appears that it is showing the sha256 of the .html file
yes, the javascript is in the html file - - the fault is "javascript used
in html", not the base64 encoded javascript part
>That means that the sha256 that shows in the log is different each time
and can't be use for the exception.
yes, like expected , if the content is change the hash will change
>vs just the portion of javascript that is being detected.
this is an image/gif - what should be bad with this file ???????
changelog : ... The native Base64 parts are decoded and analyzed like
every other attachment. ....
>I know I don't want to use a UserAttach exception for the sending email
address,
no luck
>Is there a way that I can allow the javascript code (which is constant
and in an ever changing html file) through using sha256 or another method,
but still block all other html files with javascript embedded?
define the :CSC exception for sender and recipient
and
write your own code to detect javascript and call this code using
$ASSP_AFC::checkExeExternal or $ASSP_AFC::checkExeExternalForce (both
documented in the ASSP_AFC code and called in sub isAnExe)
or something like : npRe in combination with BlockNPExes
>quick question - before I dig deeper, did the previous AFC plugin not
block javascript in HTML at all?
only for some special cases
>before I dig deeper
I don't want to - but possibly other list members.
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Datum: 31.10.2022 19:20
Betreff: Re: [Assp-test] Allowing certain javascript in HTML to
pass
quick question - before I dig deeper, did the previous AFC plugin not
block javascript in HTML at all?
On Mon, Oct 31, 2022 at 10:21 AM K Post <nntp.p...@gmail.com> wrote:
The new AFC is blocking a nightly report that comes in HTML format with
javascript in it -- as I would expect, but before his new AFC, they were
erroneously slipping through.
I don't know why these reports weren't being blocked before, it's basic
HTML with a short block of javascript at the end. Of note, the javascript
starts like this and has a base64 image in its code - something that the
new AFC addresses:
<script type="text/javascript">
var iX = 0; var iY = 0; var iX = 0; var iY = 0;
var charting_img = "data:image/gif;base64, -- base 64 is here in real
code ==";
var iCurrent = "";
var images = document.getElementsByTagName('imgs');
So it looks like the new AFC works much better. Great.
Now I need an exception to allow these nightly reports through again.
Ordinarily, I'd allow the sha256 of the detected blocked file to allow the
code through, but in looking at the logs, it appears that it is showing
the sha256 of the .html file itself vs just the portion of javascript that
is being detected. That means that the sha256 that shows in the log is
different each time and can't be use for the exception.
Is there a way that I can allow the javascript code (which is constant and
in an ever changing html file) through using sha256 or another method, but
still block all other html files with javascript embedded?
I don't have control of the sending server. I know I don't want to use a
UserAttach exception for the sending email address, as that's used for
many other messages (frustratingly so).
I don't want an exception to allow html with javascript for the receiving
users regardless of the sender, that would be too much of a risk.
Thanks
[Anhang "attsu7e8.txt" gelöscht von Thomas Eckardt/eck] [Anhang
"att94tan.txt" gelöscht von Thomas Eckardt/eck]
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
