From: Kevin C. <ke...@lo...> - 2006-03-20 15:38:54
|
On Mon, Mar 20, 2006 at 03:42:01PM +0100, Sebastian Ware wrote: > Has anyone had experience of receiving e-mail viruses in MailManager? > What kind of vulnerabilities does MM have? > > mvh sebastian Sebastien, We sanitize email when we display it on the user interface, in order to prevent what is known as Cross Site Scripting (XSS). This prevents malicious emails from putting their own HTML into the web page which manipulates the user's browser. This is the main exploit which affects online webmail services. As for viruses, these are normally sent as attachments, which will affect end users if they choose to download them from a message. Users should not be affected providing they do not download and run any attachments containing a malicious payload. If this is a concern, you should install anti-virus software on your user's desktops to prevent this from happening. There is virus scanning and sanitizing of incoming mail on our hosted platform, but this is not part of the open source product. If you want to add anti-virus scanning to MailManager, you should configure that on the mail server that MailManager receives its incoming mail from. Regards, Kevin -- Kevin Campbell Software Engineer Logicalware Ltd GPG Key: F480EC23 |