First I don't believe there is any legit function for Javascript
and absolutely not in email. Filter all active code at the firewall
unless it comes from an authenticated and trusted source.
Mailed HTML forms, with javascript validation. As I understand it, this is
the only reason why this stuff is put up with today. I think we can do away
with it though. I've never used it and working around it (send a link, and
not the page) is done easily enough. (I am all for this!)
This goes for attachments too, filter out all the word and excell
documents with macros unless the sender is trusted. There must be
code readilly available to detect macros in these files.
You'd think so, but those are proprietary formats, my friend. And to my
knowledge, non-proprietary formats (Open Office) aren't stupid enough to
have macros (at least the auto-open ones) (the last time I checked).
Furthermore, trusting the sender is not enough, as we usually infect the
ones we love (those in our address books) when it's outlook virus time!
Second renaming the variables does not affect the ability of
recognizers to detect it, this was demonstrated by some anti-cheat
software that was developed at Southampton University in the
1980s. Code can be identified by the structure very easily.
Virus checkers use the same techniques.
Indeed you are correct, but I was referring to a word-type filter, and not a
structure-based one.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg