On Mon, 10 Apr 2023 11:32:46 +0200 Florian Lohoff via MIMEDefang <[email protected]> wrote:
> i'd like to drop/replace HTML attachments/mails which contain active
> components like javascript/javascript external refs.

I think you'll find yourself blocking or damaging quite a lot of valid email. I think a better approach is to sanitize HTML parts by removing all tags except for a specific set of allowed tags. You may also want to remove tag attributes except for a specific set of allowed attributes.

You could use a Perl module like HTML::Defang or HTML::Restrict or HTML::Scrubber or HTML::Detoxifier or... well, you have many options. :) Pick the one you like best.

You probably also want to avoid rebuilding the message unless the HTML sanitizer actually made changes; there's no point in gratuitously creating a new message and possibly breaking signatures if nothing was changed.

If you do find HTML mail where the "body" is essentially a document.write call on a function of a whole bunch of base64-encoded content, then yeah... that's probably malicious and can be dropped. Not exactly sure how to detect that, but IMO document.write in an HTML mail is suspicious enough on its own to block.

Also, of course, plugging https://mailmunge.org/ :) Can't resist.

Regards,
Dianne.
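A sketch of the allowlist approach Dianne describes, added here as an example (it is not code from the thread or from MIMEDefang). It uses HTML::Scrubber; the allowed tag list, the href scheme check, the sample parts and the `sanitize_html_part` helper are assumptions chosen for illustration:

```perl
#!/usr/bin/perl
# Added example: allowlist-based HTML sanitising for a mail filter, the
# "only rebuild when something changed" check, and the document.write
# heuristic from the thread. Tag/attribute lists are assumptions.
use strict;
use warnings;
use HTML::Scrubber;

# Only these tags survive; script, iframe, object, form, event-handler
# attributes and anything else not listed are stripped.
my @ALLOWED_TAGS = qw(p br b i u em strong a ul ol li blockquote pre);

my $scrubber = HTML::Scrubber->new(
    allow   => \@ALLOWED_TAGS,
    comment => 0,    # drop HTML comments
    process => 0,    # drop <? ... ?> processing instructions
);
# Per-tag attribute allowlist: <a href> only, and only http(s)/mailto.
$scrubber->rules( a => { href => qr{^(?:https?:|mailto:)}i, '*' => 0 } );
# Unknown tags are removed; allowed tags keep no attributes unless a
# rule above says otherwise.
$scrubber->default( 0, { '*' => 0 } );

# Returns ($clean_html, $changed, $suspicious). $changed tells the caller
# whether the message needs rebuilding at all (so signatures on untouched
# mail survive); $suspicious flags document.write for outright blocking.
sub sanitize_html_part {
    my ($html) = @_;
    my $suspicious = ( $html =~ /document\s*\.\s*write\s*\(/i ) ? 1 : 0;
    my $clean      = $scrubber->scrub($html);
    my $changed    = ( $clean ne $html ) ? 1 : 0;
    return ( $clean, $changed, $suspicious );
}

# Constructed sample parts, not real mail.
my %samples = (
    benign  => '<p>Hello <b>world</b>, see <a href="https://example.com/">this</a>.</p>',
    script  => '<p>Hi</p><script>document.write(atob("..."))</script>',
    onclick => '<p onclick="evil()">Click</p>',
);
for my $name ( sort keys %samples ) {
    my ( $clean, $changed, $suspicious ) = sanitize_html_part( $samples{$name} );
    printf "%-8s changed=%d suspicious=%d -> %s\n",
        $name, $changed, $suspicious, $clean;
}
```

In a real filter the caller would only rebuild the MIME part when `$changed` is set, and could reject or quarantine outright when `$suspicious` is set.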
