Title: Iframe messages
Hi All,
What’s the consensus about messages with embedded iframe links?
They look like a great potential for viral activity because they can be used to auto-download viruses, etc.. The reason I ask is my secondary AV caught a couple of messages that got past clam that weren’t carrying a virus as such but contained iframe code.
If I block messages at the server using RFC822 filters would I potentially stop legitimate mail (can’t think of any that would need to use iframe, unless HTML mail relies on it heavily) ?
What’s strange about these messages is the href is obscured too, and it says to follow the link if it doesn’t auto open to a website that I know doesn’t exist (I know because it’s the www part of our company domain name but we don’t operate a web server on the domain, only mail).
Any thoughts?
Cheers,
Stuart.
- RE: [Clamav-users] Iframe messages Stuart Mycock
- RE: [Clamav-users] Iframe messages Colin A. Bartlett
- RE: [Clamav-users] Iframe messages Randal, Phil
