



Blocking unsafe HTML


Web pages in plain HTML, and mail messages in HTML format or with HTML-format attachments, can contain code and references to programs that execute in the Web browser, for example:

Java applets can also be detected. See page 5-52 for details.

Scripts can be written in Java and VBScript and are executed by the Web browser. They use functions supported by the browser and could exploit security holes in it, if any exist.

Automatic mailings are sent from Web browsers to Web servers without the user's knowledge. They can reveal the user's mail identity, domain name and organisation name.

Internet shortcuts are files that reference programs and commands. Microsoft's Internet Explorer is capable of interpreting an Internet shortcut and executing the program it refers to.

This weakness is present in Microsoft's Internet Explorer up to version 3.01 when no patch has been applied.

It has also been shown that ActiveX controls in Web pages can be very dangerous. For details on how to block their use, see the Blocking executables section on page 5-26.

The HTML validator, VALHTML, is used to check Web pages and HTML in mail messages for the threats described above. It builds up a <Response> from the words Mail, Script and Shortcut, in alphabetical order, for the threats found to be present.

For example, a page that contains a script and an Internet shortcut, but no automatic mailing, produces the <Response> ScriptShortcut.

For a full table of <Response> values that may be built up and for more details on VALHTML, see page 7-90.

Each possible <Response> that can be generated in this way must have an entry in the [Disposal] configuration section. This section can be found in the mail configuration file, MIMESWP.CFG, for MAILsweeper, or the http configuration file, HTTP.CFG, for WEBsweeper.

These entries control the disposal actions taken.

For example:

[Disposal]
DefaultDisposal=Clean
...
;Script=BlockScript
MailScript=BlockMailScript
Mail=BlockMail
ScriptShortcut=BlockScriptShortcut
MailScriptShortcut=BlockMailScriptShortcut
MailShortcut=BlockMailShortcut
Shortcut=BlockShortcut
...
VIRUSPRESENT=Virus

The default MIMEsweeper installation is configured to block automatic mailings and shortcuts. It is not configured to block scripts.
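The following is an added example, not code from the MIMEsweeper product or this manual. It shows how the <Response> name described above is assembled from the threat words, and then checks a [Disposal] section (a constructed fragment in the style of the MIMESWP.CFG example) for any buildable <Response> that lacks an entry, which is what the default installation's commented-out Script directive produces. The exact parsing rules of MIMESWP.CFG (the ';' comment marker, case handling) are assumed from the example shown on this page.

```python
import re
from itertools import combinations

# Constructed [Disposal] fragment in the style of this page's MIMESWP.CFG example;
# the Script directive is commented out, as in the default installation.
SAMPLE_CFG = """\
[Disposal]
DefaultDisposal=Clean
;Script=BlockScript
MailScript=BlockMailScript
Mail=BlockMail
ScriptShortcut=BlockScriptShortcut
MailScriptShortcut=BlockMailScriptShortcut
MailShortcut=BlockMailShortcut
Shortcut=BlockShortcut
VIRUSPRESENT=Virus
"""

# The three threat words VALHTML combines, already in the alphabetical order it uses.
THREAT_WORDS = ("Mail", "Script", "Shortcut")

def build_response(threats):
    """<Response> for a set of detected threats, e.g. {"Shortcut", "Script"} -> "ScriptShortcut"."""
    unknown = set(threats) - set(THREAT_WORDS)
    if unknown:
        raise ValueError(f"not a VALHTML threat word: {sorted(unknown)}")
    return "".join(w for w in THREAT_WORDS if w in threats)

def parse_disposal(cfg_text):
    """Directives of the [Disposal] section; ';' lines are assumed to be comments,
    so a commented-out Script directive is simply absent from the result."""
    entries, in_section = {}, False
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            in_section = header.group(1).lower() == "disposal"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def missing_responses(cfg_text):
    """Every <Response> VALHTML can build (7 combinations) that lacks a [Disposal] entry."""
    entries = parse_disposal(cfg_text)
    responses = [build_response(c) for n in (1, 2, 3) for c in combinations(THREAT_WORDS, n)]
    return [r for r in responses if r not in entries]
```

Running missing_responses(SAMPLE_CFG) reports only "Script", and the list is empty once the ';' is removed from that directive.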

If you also wish to block scripts, edit the [Disposal] section so that the Script directive is no longer commented out.

Many pages make use of scripts for simple animations, so blocking their use might not be very practical.

That is, change:

[Disposal]
DefaultDisposal=Clean
...
;Script=BlockScript
...
VIRUSPRESENT=Virus

to

[Disposal]
DefaultDisposal=Clean
...
Script=BlockScript
...
VIRUSPRESENT=Virus

The MIMEsweeper service(s) will have to be restarted for these changes to take effect.






msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.