| Author |
 Topic  |
|
|
Zuel
Average Member
USA
540 Posts |
 Posted - 14 March 2006 : 16:14:50
|
Our mailscanner (an automated content monitoring gateway) has stopped the
following message:
Message: B4416d1810000.000000000001.0001.mml
From: <user>@hotmail.com
To: <another_user>@faktab.se
Subject: RE: Sent From Snitz Forums 2000 by tribaliztic
Because it believes the message or an attachment to this message
contains Script or Code. This detection is based on scanning
the content for Scripting and code commands.
The System Administrator will assess this message and determine
if the code is harmful or benign. Once assessed it may be passed
to <same_user_as_above>@faktab.se if appropriate.
Rule: Content Security (Inbound) : Block Script and Code
Kind regards
FAKTAB FINANS AB
Direct tel: + 1234567
Direct fax: + 1234567
If it fails to send through your webmail, shouldn't the script be caught before the user presses send? Like throw an error message around it or something.
Other then not posting code, how could we prevent this or recover the email that was lost?< |
My Completed Mods: News Mod | Zuel's Avatar Add-on
In Development: World of Warcraft Member Roster | [C# Based Forum]
Note - I may take a few days to recieve your email. Hotmail filters all new emails as junk. Would be best to post all questions, concerns in a forum topic to catch my immediate attention. This way others can assist and also correct any similar mistakes.
MSN / E-Mail: ucyimDa_Ruler@Hotmail.com
Personal Bookmarks: How to work a DBS File
|
Edited by - Zuel on 14 March 2006 16:16:07 |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 14 March 2006 : 16:44:28
|
You had posted this in the bug forum. You suggesting the forum should prevent the sending of code via email?
Apart from that, I'm not sure what you're saying. Some email servers are more strict than others. Sending code via the forum email option will render as text in my email client. Only way I can see code being executed is if the email is sent as an HTML with the code included. The forum sends all emails as plain text.< |
Support Snitz Forums
|
 |
|
|
Zuel
Average Member
USA
540 Posts |
Posted - 14 March 2006 : 16:56:17
|
Well what I'm saying is, why let the web service tell the receiptent the email is being blocked. Why not have snitz check for hostile code and inform the user who is sending the email to alter it so it doesn't look like an attack.
I don't mind when a fellow member sends me code but this one was blocked for some reason. Doesn't tell me what caused the flag either. I could be wrong because I don't use the feature often, but isn't that email contents now gone for good? If I was Trib, I wouldn't be too fond of rewriting the email. I guess it is one of my pet peeves.
quote:
Apart from that, I'm not sure what you're saying. Some email servers are more strict than others. Sending code via the forum email option will render as text in my email client. Only way I can see code being executed is if the email is sent as an HTML with the code included. The forum sends all emails as plain text.
I see. I guess he will have to use his own mail service to send me an email. Which is fine, no biggie then.
< |
My Completed Mods: News Mod | Zuel's Avatar Add-on
In Development: World of Warcraft Member Roster | [C# Based Forum]
Note - I may take a few days to recieve your email. Hotmail filters all new emails as junk. Would be best to post all questions, concerns in a forum topic to catch my immediate attention. This way others can assist and also correct any similar mistakes.
MSN / E-Mail: ucyimDa_Ruler@Hotmail.com
Personal Bookmarks: How to work a DBS File
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 14 March 2006 : 18:32:14
|
The thing is Zuel, the email sent from the forums are of the type text/plain. So no matter what kind of code you enter into it, javascript, html, vbscript, etc. it cannot do any harm to the user who is receiving it. It will just come as plain text.
Now if the admin of the forum modified the inc_mail.asp code to allow to send HTML emails from the forum, then he has compromised his members security.
The server that has blocked this email from trib, is way too strict. If it was sent from this forum, it would be sent as text/plain. But it seems it didn't take that into account. Maybe you should talk to the administrator about it? Not sure how far that will get you though.< |
Support Snitz Forums
|
|
|
|
Zuel
Average Member
USA
540 Posts |
|
|
tribaliztic
Senior Member
Sweden
1532 Posts |
Posted - 15 March 2006 : 03:26:06
|
heh, the admins at my work (where a copy of the mail is sent when you e-mail me from this forum) are even more paranoid than I am and therefor you got this mail Zuel.
I got your mail at home so no harm done.
Would someone please delete the contact info and such from the first post in this thread =)
< |
/Tribaliztic
- www.gotlandrace.se -
|
|
|
|
Zuel
Average Member
USA
540 Posts |
Posted - 15 March 2006 : 10:10:59
|
Oh, I just replied to your post saying your email ah nevermind.
Guess this topic has no point.< |
My Completed Mods: News Mod | Zuel's Avatar Add-on
In Development: World of Warcraft Member Roster | [C# Based Forum]
Note - I may take a few days to recieve your email. Hotmail filters all new emails as junk. Would be best to post all questions, concerns in a forum topic to catch my immediate attention. This way others can assist and also correct any similar mistakes.
MSN / E-Mail: ucyimDa_Ruler@Hotmail.com
Personal Bookmarks: How to work a DBS File
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
|
| |
Topic |
|
Sending an Email via Snitz
Topic Locked
That's alright Zuel.