



Blocking Java applets


Web pages in plain HTML and mail messages in HTML format, or with HTML format attachments, may contain Java applets. Java applets are programs which are downloaded and executed by the Web browser. It is possible for malicious applets to modify the local system in an undesirable way.

MIMEsweeper can be configured to detect and block Java applets. This is achieved by editing the [Validation] configuration section, to ensure that the DetectJava directive is no longer commented out.

For MAILsweeper the [Validation] configuration section is found in the validator configuration file, VALIDATE.CFG. For WEBsweeper it is found in the http and ftp configuration files, HTTP.CFG and FTP.CFG.

That is, change:

[Validation]
;DetectJava=VALATTR

to

[Validation]
DetectJava=VALATTR

The MIMEsweeper service(s) must be restarted for these changes to take effect.

If DetectJava is activated for MAILsweeper, any message with a Java applet is discarded. The sender of the message is informed accordingly.

For WEBsweeper, the Java applets are stripped and the page is still shown.

You may wish to block or allow Java applets for certain users or groups of users only. For example, you may only want to allow certain users to receive Java applets.

This can be achieved by creating a new AMUcheck rule to name the users and then setting an attribute during AMUcheck validation. This attribute can subsequently be checked in the [DetectJava] section, using a PerformIf directive (to block Java applets for certain users only) or a SkipIf directive (to allow Java applets for certain users only).

For example:

In AUTHFILE.TXT:

RESPONSE allow 
...
RESPONSE Allow_Java PRIORITY 1
RESPONSE deny PRIORITY 2

FROM *@*
  To *@* allow          ;allow everything

FROM *@*
  To user1@company.com Allow_Java
     user2@company.com Allow_Java
     user3@company.com Allow_Java
                        ;List of users allowed
                        ;to receive java applets.
FINISH

A new AMUcheck rule is defined. In this example, the rule names the users who are allowed to receive Java applets.[1] When the addresses of a message match this rule, the <Response> generated by AMUcheck is Allow_Java. A new RESPONSE statement is also listed in the first section of the file, to define the Allow_Java <Response>.

In VALIDATE.CFG:

[AMU]
AuthFile=C:\MSW\CONFIG\AUTHFILE.TXT
If=Allow_Java, AllowJava=TRUE, allow

If the <Response> generated by AMUcheck is Allow_Java an attribute called AllowJava is created, with the value TRUE. This is the attribute checked by the SkipIf directive in the [DetectJava] configuration section.

The <Response> is then reset to allow. This is the actual <Response> generated by AMUcheck. It allows the message to be delivered normally, assuming no higher priority <Response> is generated by one of the configured plug-in validator instances.

[DetectJava]
SkipIf=AllowJava==TRUE
HaveJava=ContainerClass==Java

The value of the AllowJava attribute is checked in the [DetectJava] configuration section, using the SkipIf directive.

If the value is TRUE then checking by the [DetectJava] section is skipped.
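
The exemption only works if three sections agree: DetectJava must be active in [Validation], the [AMU] If directive must create the attribute, and the SkipIf in [DetectJava] must test that same attribute and value. The following consistency check is an added example, not part of the MIMEsweeper product or its documentation; the function names are hypothetical, the sample file is constructed, and the directive layouts are assumed to be exactly those shown in the examples above.

```python
import re
# Constructed sample in the layout shown on this page (not a real site's file).
SAMPLE_CFG = r"""
[Validation]
DetectJava=VALATTR

[AMU]
AuthFile=C:\MSW\CONFIG\AUTHFILE.TXT
If=Allow_Java, AllowJava=TRUE, allow

[DetectJava]
SkipIf=AllowJava==TRUE
HaveJava=ContainerClass==Java
"""

def parse_cfg(text):
    """Return {section: [(key, value), ...]}; lines starting with ';' are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def audit_detect_java(text):
    """List reasons the per-user Java exemption would not work as described."""
    cfg, problems = parse_cfg(text), []
    if "DetectJava" not in dict(cfg.get("Validation", [])):
        problems.append("DetectJava is not active in [Validation]")
    # Assumed If= layout, from the page: If=<Response>, <Attr>=<Value>, <Response>
    set_attrs = {tuple(p.strip() for p in part.split("=", 1))
                 for key, value in cfg.get("AMU", []) if key == "If"
                 for part in value.split(",") if "=" in part}
    conds = [v for k, v in cfg.get("DetectJava", []) if k in ("SkipIf", "PerformIf")]
    if not conds:
        problems.append("[DetectJava] has no SkipIf/PerformIf directive")
    for cond in conds:
        name, _, val = cond.partition("==")
        if (name.strip(), val.strip()) not in set_attrs:
            problems.append(f"{cond!r} tests a value that [AMU] never sets")
    return problems
if __name__ == "__main__":
    print(audit_detect_java(SAMPLE_CFG) or "configuration is consistent")
```

An empty result means the three sections line up; each returned string names the section to correct before restarting the service.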

For a similar configuration, using PerformIf to block Java applets for certain users only, see the blocking attachments example on page 5-29.

See the AMUcheck section on page 7-97 for more details. Also, for more details on the If, PerformIf and SkipIf directives, see the Common validator directives section on page 7-102.






[1] These users are allowed to receive Java applets, so checking for Java applets can be skipped. This is achieved by including a SkipIf directive in the [DetectJava] section.

msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.