The new AFC is blocking a nightly report that comes in HTML format with
javascript in it -- as I would expect, but before his new AFC, they were
erroneously slipping through.
I don't know why these reports weren't being blocked before, it's basic
HTML with a short block of javascript at the end. Of note, the javascript
starts like this and has a base64 image in its code - something that the
new AFC addresses:
<script type="text/javascript">
var iX = 0; var iY = 0; var iX = 0; var iY = 0;
var charting_img = "*data**:image/gif;base64*, -- base 64 is here in
real code ==";
var iCurrent = "";
var images = document.getElementsByTagName('imgs');
So it looks like the new AFC works much better. Great.
Now I need an exception to allow these nightly reports through again.
Ordinarily, I'd allow the sha256 of the detected blocked *file* to allow
the code through, but in looking at the logs, it appears that it is showing
the sha256 of the .html file itself vs just the portion of javascript that
is being detected. That means that the sha256 that shows in the log is
different each time and can't be use for the exception.
*Is there a way that I can allow the javascript code (which is constant and
in an ever changing html file) through using sha256 or another method, but
still block all other html files with javascript embedded?*
I don't have control of the sending server. I know I don't want to use a
UserAttach exception for the sending email address, as that's used for many
other messages (frustratingly so).
I don't want an exception to allow html with javascript for the receiving
users regardless of the sender, that would be too much of a risk.
Thanks
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
