-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 ***^\ ."_)~~ ~( __ _"o Was another beautiful day, Mon, 11 Jul 2005, @ @ at 17:12:27 +0200, when Roelof Otten wrote:
> Hallo alien, > [...] you wrote: A>> I'm trying to detect emails that have hidden http links to dangerous A>> files (scr, exe, etc) in HTML documents . Here are two examples: > HTML messages are attachments. AFAIK TB doersn't scan inside > attachments. There is (was?) difference in indicating attachments and HTML in the _header part_, against which I have Selective Download filters for the nasty senders on some lists (not TB ones <g>) and so far they were successfully detected this way... Content-Type: multipart/alternative [this one detects html] Content-Type: multipart/mixed [this one detects an attachment] ...and these parts combined with parts of sender's identity, for instance a... X-Yahoo-Profile: IsendLoonyColoredHTMLandLargeBoringAttachments ...are "parting out" the wanted messages just fine. But basically, if any HTML message (newsletter? or similarly "important" one) contains any "nasty" code, it shouldn't be "investigated" anymore but deleted from server (if is "unsolicited" that is; if is "solicited"...well, then that's it, to each his own <g>). - -- Mica PGP keys nestled at: http://bardo.port5.com/pgpkeys/ [Earth LOG: 313 day(s) since v3.0 unleashing] OSs: Windows 98 SE Micro Lite Professional IVa Enterprise Millennium with nestled ZipSlack(tm) Linux 9.1, and, for TB sometimes, Gentoo and Vector Linuxes via Wine... ~~~ For PM please use my full address as it is *exactly* given in my "From|Reply To" field(s). ~~~ -----BEGIN PGP SIGNATURE----- iD8DBQFC0rPd9q62QPd3XuIRA7mrAJ4wT6x0xw7MFrV2+y8HQwgD3a/LowCgmu+i Fxv3YGCWThGjt7W9tJoCPrI= =oSkX -----END PGP SIGNATURE----- ________________________________________________________ http://www.silverstones.com/thebat/TBUDLInfo.html