Hi Dianne, On Tue, Apr 11, 2023 at 07:59:09AM -0400, Dianne Skoll via MIMEDefang wrote: > On Mon, 10 Apr 2023 11:32:46 +0200 > Florian Lohoff via MIMEDefang <[email protected]> wrote: > > > i'd like to drop/replace HTML attachments/mails which contain active > > components like javascript/javascript external refs. > > I think you'll find yourself blocking or damaging quite a lot of valid > email.
Javascript in emails is sub 0.1% - Its basically not in use. All mails i found in gigabytes of samples have been ads and crude stuff. I couldnt find legitimate mail with javascript. And after 3 Weeks of Downtime the mood is currently to even block all Microsoft Formats (docx, pptx, xlsx and the like) which we do right now. So my biggest concern is Mail with Javascript (Which was the origin) and PDF with active content. > If you do find HTML mail where the "body" is essentially a > document.write call on a function of a whole bunch of base64-encoded > content, then yeah... that's probably malicious and can be dropped. > Not exactly sure how to detect that, but IMO document.write in an HTML > mail is suspicious enough on its own to block. Flo -- Florian Lohoff [email protected] Any sufficiently advanced technology is indistinguishable from magic.
signature.asc
Description: PGP signature
_______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. MIMEDefang mailing list [email protected] https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org
