--On Monday, April 19, 2004 10:30 AM -0600 Lucas Albers <[EMAIL PROTECTED]> wrote:
This filter just removes inline html iframe exploit code? Had anyone complained about anything from this code? You've been using it in production for the past few month's without problems? If you use internal virus scanners, would it interfere with their signature matching of the email? Is this a feature that could be folded back into the default mimedefang?
Joseph Brennan said:
md_graphdefang_log('modify',"$badtag Iframe/Object/Script tag(s) deactivated by MIMEDefang using Columbia filter");
No complaints in about 10 months. We get 900,000 messages a day of which about 9,000 get this modification done.
The tag starting <no-object and so on is not valid html, so the whole thing is ignored.
Since we deactivate these, and remove executables including zip files, we have so far resisted antivirus software.
<rant> I see the latest Netsky makes use of a Microsoft invention called Dynamic HTML that does script-like things without any of these tags. Some use <STYLE...> tags to define the DHTML but there is a way to avoid even that. So far I do not see how to detect this one cleanly. Some of the triggers are normal English words followed by colon, so what would we do, disallow colons between < and >? If the virus mail didn't annoy non-MS users I'd be tempted to say I don't care any more. It's freakin ridiculous. </rant>
Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
