Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Yet Another Feature Request
  FAQ FAQ  Forum Search   Register Register  Login Login

Yet Another Feature Request

 Post Reply Post Reply
Author
Chuck View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Chuck Quote  Post ReplyReply Direct Link To This Post Topic: Yet Another Feature Request
    Posted: 12 March 2004 at 2:19am

Ok...here's another idea that I think would be useful in helping in fine tuning RegEx's, Keywords, etc. This may have been proposed before, but I have only been following the forum since last September.

In the quarantine area, you can double-click on a message to view it's raw source, including full headers. Frequently, I have had a need and to view a message as it was meant to be viewed...in a HTML browser type e-mail client. I believe it would help in sorting through all the raw source junk to "see" how certain functions embedded within the message actually work. I don't know about some of you other admins out there, but after several hours of weeding through thousands of e-mails per day (simply because my users are to lazy to check the quarantine area and manage their own spam, even though I have done everything ...including begging...LOL) only to find over time that the e-mails are quickly becoming embedded with so much extranious crap, that it;'s extremely difficult to figure out what they are trying to do and your eyes begin to play tricks on you.

If we had a second choice of how to view the messages, and in this case in HTML format (within a mini-browser window perhaps), it would really help to "see" what's going on within the message.

So, I propose a HTML viewer as well as the standard text viewer. This could simply be a button on the toolbar, or perhaps by right clicking on a message in the qaurantine, and having the two choices of how to view the contents of the quarantined message that is being scrutinized. I believe this would aid in identifying patterns or other ways to find a method to block certain messages.

Commnents?

Chuck

 

 

 

Back to Top
Sean View Drop Down
Groupie
Groupie
Avatar

Joined: 21 February 2005
Location: United States
Status: Offline
Points: 81
Post Options Post Options   Thanks (0) Thanks(0)   Quote Sean Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2004 at 1:55pm
I created HTML parsing in my Web Quatrentine Access Page. If you would like some bits let me know.
Back to Top
Chuck View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Chuck Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2004 at 2:04pm

Hi Sean,

Is this done with ASP? or another scripting language? In any event, yes I'd love to see what youv'e come up with. It doesn't really matter where it's doe I suppose, but it sure would be nice to see how some of this HTML cobbled together, and then maybe I can find new ways to block some of the more annoying and persisitant spam.

Thanks,

Chuck

 

Back to Top
Sean View Drop Down
Groupie
Groupie
Avatar

Joined: 21 February 2005
Location: United States
Status: Offline
Points: 81
Post Options Post Options   Thanks (0) Thanks(0)   Quote Sean Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2004 at 2:16pm

Simply Put:

In ResolveSpam.asp:
Change -  <%=Server.HTMLEncode(rs("Msg"))%>

to - <%=Response.Write(rs("Msg"))%>

Save file as ResolveSpamAsHTML.asp

Modify ListSpam.asp for the addition type:

<a href="ResolveSpam.asp?QuarID=<%=QuarID%>&MsgID=<%=MsgID%>">Text</a><HR><a href="ResolveSpamAsHTML.asp?QuarID=<%=QuarID%>&MsgID=<%=MsgID%>">HTML</a>

Hope that is clear, and helps.

-Sean

Back to Top
Sean View Drop Down
Groupie
Groupie
Avatar

Joined: 21 February 2005
Location: United States
Status: Offline
Points: 81
Post Options Post Options   Thanks (0) Thanks(0)   Quote Sean Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2004 at 2:17pm

Just FYI

It tends to modify the header information as well, but I have still found this to be real useful.

Back to Top
Chuck View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Chuck Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2004 at 2:22pm

Thanks...I'll give that a try out later when I can free up some time to test it.

Thanks,

Chuck

 

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 13 March 2004 at 10:02am

Sean, Chuck,

While having HTML views can be very convenient, that can be also very dangerous. Viruses are very common in emails. It is fairly simple to craft an html email messages to cause the viewer, especially if the viewer is based on Internet Explorer, to attempt to autorun code in the email itself. Internet Explorer is vulnerable to buffer overruns, and since the quarantined emails are likely to contain bad emails, it would be dangerous to expose users to those messages, especially when new unknown viruses are released. The Outlook client nowdays blocks dangerous html content by default, but decoding the html without any checks and presenting it to the user in a browser could be dangerous.

The same applies to the GUI. We could easily present the emails in html view, but the viewer would be based on IE, and thus the potential of infecting the server would always be lingering. We've looked into the possibility of using a non-IE based viewer, but the process became too complex and we abandoned it.

Roberto F.
LogSat Software

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 13 March 2004 at 10:02am

Chuck,

Please refer to http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=3181 for comments.

Thanks,

Roberto F.
LogSat Software

Back to Top
ASB View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote ASB Quote  Post ReplyReply Direct Link To This Post Posted: 14 March 2004 at 1:28am

I think it would be dangerous to display the HTML on a suspected virus or SPAM email...

It's not a feature I would really want.

Back to Top
Sean View Drop Down
Groupie
Groupie
Avatar

Joined: 21 February 2005
Location: United States
Status: Offline
Points: 81
Post Options Post Options   Thanks (0) Thanks(0)   Quote Sean Quote  Post ReplyReply Direct Link To This Post Posted: 15 March 2004 at 8:56am
This wasn't really meant for public release. I was just helping Chuck on a way for him to develope his black/white list as an administrator, by being able to see what the message looks like in HTML. Please note that we use this feature only in our Administrator Web Console. I do see the risk if this is given to users, but for admins it is very useful. Therefore this should probablly not be release in SpamFilterISP as a feature, but use the ASP technique I list if you were to need to view some emails as HTML to better your filter list. Sorry to stir up any controversy.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.094 seconds.