[Mimedefang] javascript in html attachments
Joseph Brennan
brennan at columbia.edu
Fri Mar 5 14:07:59 EST 2004
--On Friday, March 5, 2004 1:54 PM -0500 Paul Whittney
<pwhittney at net.bacconsulting.com> wrote:
> I've recently seen an email (only one though, which is odd), with spam
> in it, but hidden inside a javascript message. The email body seems very
> light, just a simple subject, and simple "you file attached" in it.
I reported this a week or two ago, and followed up with mimedefang
code to disable script tags, which I really recommend doing. They
do not belong in email. Also iframe and object. There has already
been a virus (Klez) that used iframe to load html from the next part
that then did something else. This stuff does not belong in email.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
More information about the MIMEDefang
mailing list