Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ripMIME: general

How to remove <SCRIPT>....</SCRIPT> Code from mailpack

 

 

ripMIME general RSS feed   Index | Next | Previous | View Threaded


subhasisg at yahoo

Apr 6, 2004, 9:35 PM

Post #1 of 2 (1357 views)
Permalink
How to remove <SCRIPT>....</SCRIPT> Code from mailpack

Hi All,
I have been using a combination of ripmime and
altermime in order to remove attachments from some
incoming mails. All exe, com, pif and bat etc files
are removed using due to a threat from viruses.
I use altermime --input=<filename> --removeall
--htmltoo
once I see that after using ripmime any attachment is
of the above type.
One problem I am facing, there are some embedded
scripts in some mails coming from some Outlook Express
clients. There are supposedly scripts pertaining to
Redlof virus.

Is there any way I can disable the script at the
incoming level itself?

Inside the mail body, the virus code starts with :
<SCRIPT language=3Dvbscript>
document.write "<div style=3D'position:absolute;
left:0px; top:0px; =
width:0px; height:0px; z-index:28; visibility:
hidden'><"&"APPLET =
NAME=3DKJ"&"_guest HEIGHT=3D0 WIDTH=3D0 =
code=3Dcom.ms."&"activeX.Active"&"XComponent></APPLET></div>"
</SCRIPT>

<SCRIPT language=3Dvbscript>
ExeString =3D =

Then there is a whole lot of code, which is related to
the virus. Then it ends with </script>

Is there any way, I can remove everything between
<SCRIPT>.....</SCRIPT>
Any help would be highly appreciated,


__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/


pldaniels at pldaniels

Apr 6, 2004, 9:51 PM

Post #2 of 2 (1232 views)
Permalink
Re: How to remove <SCRIPT>....</SCRIPT> Code from mailpack [In reply to]

Hi there Subhasis,

> Is there any way, I can remove everything between
> <SCRIPT>.....</SCRIPT>
> Any help would be highly appreciated,

To be honest, the best I can suggest is to check the script against a grep for various signature components and trash
the entire email.

Is ripMIME decoding the script into a seperate file (I somehow think not).

The other option is to write a small program which strips out all the text between <SCRIPT> and </script>... the
problem will then be that the virus senders can just encode it in UU, QP or B64 and get past that.



Regards.

--
Paul L Daniels - PLD Software - Xamime
Unix systems Internet Development A.B.N. 19 500 721 806
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
PGP Public Key at http://www.pldaniels.com/gpg-keys.pld

ripMIME general RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.