Hey Jim,

Also, I'd reconsider allowing access to sites that are poorly coded. It's sort of the tip of the iceberg and who knows what else is going on under the hood.

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Wednesday, February 23, 2005 8:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections

GFI MailSecurity's HTML threat engine found HTML scripts in this email and has disabled them.

http://www.ISAserver.org

Sorry Rob,

Work got the better of me yesterday. I have a sorta-list that I and another guy assemble to "educate" one customer. I'll dig up the mails and summarize it today.

Alternatively, you can edit that filter to trigger on <Xcript instead...
..unfortunately, that's only one of literally dozens of "tag attacks".

-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Wednesday, February 23, 2005 6:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections

Hey Jim--

Any chance you've had a mo to find these RFCs? I've been looking for them myself with no luck. If you could even just point me to the right place, that would be great.

Thanks,
Rob

________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, February 22, 2005 12:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections

I literally hate these jerks that think adding XML or HTTP tags to a query is valid web site programming! The fact is, this is the most basic form of script injection.

I have some RFCs that give valid URL syntax - I'll fwd them later...
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

________________________________
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Tuesday, February 22, 2005 08:45
To: [ISAserver.org Discussion List]
Subject: [isalist] Script Injections

Hi all--

Sometime back I used Jim Harrison's VBS script to block script injections (the StartOfTag (<) and EndOfTag (>) things). I've run into a couple of legitimate websites that are now blocked by our firewall. Are there legitimate reasons an HTML programmer would use these tags? I'd like to at least sound educated when I contact the website folks to tell them why I'm blocking them.

Thanks,
Rob

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
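The trade-off discussed in this thread, as an added example that is not part of any poster's message and is not the VBS script or ISA filter itself: a broad check for StartOfTag/EndOfTag characters in a request URL (which also flags sloppy but harmless sites) next to a narrow single-tag match (which misses every other tag). The function names, the decode-round limit and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

TAG_CHARS = ("<", ">")   # StartOfTag / EndOfTag, as named in the thread
MAX_DECODE_ROUNDS = 3    # assumption: how many nested encodings to unwrap


def fully_decode(text, rounds=MAX_DECODE_ROUNDS):
    """Percent-decode repeatedly so %253C -> %3C -> < is also seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def check_url(url):
    """Broad check: findings for any tag character in path or query."""
    parts = urlsplit(url)
    findings = []
    for name, value in (("path", parts.path), ("query", parts.query)):
        if any(c in value for c in TAG_CHARS):
            findings.append(f"{name}: literal tag character")
        elif any(c in fully_decode(value) for c in TAG_CHARS):
            findings.append(f"{name}: percent-encoded tag character")
    return findings


def matches_single_tag(url, tag="script"):
    """Narrow check: only one named tag, matched case-insensitively."""
    parts = urlsplit(url)
    decoded = fully_decode(parts.path + "?" + parts.query).lower()
    return "<" + tag in decoded


# Constructed sample request URLs (example.test is a placeholder host).
SAMPLES = [
    "http://example.test/search?q=isa+server",
    "http://example.test/page?layout=<b>wide</b>",
    "http://example.test/page?title=%3Cb%3Ewide%3C%2Fb%3E",
    "http://example.test/page?title=%253Ci%253Ewide",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, check_url(url), matches_single_tag(url))
```

The second sample is the kind of request a poorly coded but legitimate site produces: the broad check flags it, while the narrow check passes it along with every other non-matching tag.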