[Mimedefang] Looking for an example of obfuscated HTML
David F. Skoll
dfs at roaringpenguin.com
Wed Aug 6 09:27:01 EDT 2003
On Wed, 6 Aug 2003, Kevin A. McGrail wrote:
> All good points. However, in defense of the idea, I was posting more of a
> starting point to render the HTML into plain text.
I don't think this is tenable. You'd have to build a Javascript
interpreter into the system -- in fact, you'd probably end up sucking
in a good portion of the Mozilla code base to get what you need. (Some
spammers use JavaScript to render the pages.)
Plus, you'd need to emulate Internet Explorer bugs that spammers might
take advantage of to do non-standard rendering.
Once you add a language interpreter to your mail scanner, you open yourself
up to all kinds of attacks. For example, I can imagine a spammer using
JavaScript to render a page and then have it execute an infinite loop.
That's not really a big deal for a browser -- it just eats up CPU until you
switch to another page -- but it's deadly for a content-scanner.
HTML and especially JavaScript are simply too dangerous, too complicated,
and too poorly-specified for proper handling by a content filter. Of course,
I don't propose giving up -- there's no reason not to go for the low-hanging
fruit and the simpleminded tricks used by unsophisticated spammers -- but
realize that HTML mail is Pure Evil and will be the main method for sneaking
past content filters.
--
David.
More information about the MIMEDefang
mailing list