[Mimedefang] HTML Mail / Active content filter
giovanni at paclan.it
giovanni at paclan.it
Tue Apr 11 05:49:39 EDT 2023
On 4/10/23 11:32, Florian Lohoff via MIMEDefang wrote:
>
> Hi,
> i'd like to drop/replace HTML attachments/mails which contain active
> components like javascript/javascript external refs.
>
>
> <script language="javascript></script>
>
> or
>
> <html><head>
> <script type="text/javascript" src="http://a.b.c.d"></script>
> </head></html>
>
> Basically going through all text/html etc parts. I am unshure whether
> i'd need to really decode HTML with HTML::Parse or the like to find it
> or if simple "regex" matching would be sufficient. Currently i am
> dropping this by spamassassin with custom filters using regex.
>
> Has anyone an example for this or experience which HTML perl module
> is the most stable?
>
it can be done using HTML::Parser, and then running Mail::MIMEDefang::Actions:action_rebuild().
In some cases it can be tricky because html attachments could be base64 encoded.
Giovanni
> And while at it. I tried my luck to do this also with PDF with active
> content, trying to parse PDF with CAM::PDF (or PDF::API2) to drop
> PDFs with active content. So if anyone has suggestions here would
> also be nice.
>
> Flo
>
>
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> MIMEDefang mailing list MIMEDefang at lists.mimedefang.org
> https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20230411/df5f0760/attachment.sig>
More information about the MIMEDefang
mailing list