LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Ok...here's another idea that I think would be useful in helping in fine tuning RegEx's, Keywords, etc. This may have been proposed before, but I have only been following the forum since last September.
In the quarantine area, you can double-click on a message to view it's raw source, including full headers. Frequently, I have had a need and to view a message as it was meant to be viewed...in a HTML browser type e-mail client. I believe it would help in sorting through all the raw source junk to "see" how certain functions embedded within the message actually work. I don't know about some of you other admins out there, but after several hours of weeding through thousands of e-mails per day (simply because my users are to lazy to check the quarantine area and manage their own spam, even though I have done everything ...including begging...LOL) only to find over time that the e-mails are quickly becoming embedded with so much extranious crap, that it;'s extremely difficult to figure out what they are trying to do and your eyes begin to play tricks on you.
If we had a second choice of how to view the messages, and in this case in HTML format (within a mini-browser window perhaps), it would really help to "see" what's going on within the message.
So, I propose a HTML viewer as well as the standard text viewer. This could simply be a button on the toolbar, or perhaps by right clicking on a message in the qaurantine, and having the two choices of how to view the contents of the quarantined message that is being scrutinized. I believe this would aid in identifying patterns or other ways to find a method to block certain messages.
Commnents?
Chuck

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Chuck Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Chuck Thanks(0) Quote Reply Topic: Yet Another Feature Request Posted: 12 March 2004 at 2:19am
	Ok...here's another idea that I think would be useful in helping in fine tuning RegEx's, Keywords, etc. This may have been proposed before, but I have only been following the forum since last September. In the quarantine area, you can double-click on a message to view it's raw source, including full headers. Frequently, I have had a need and to view a message as it was meant to be viewed...in a HTML browser type e-mail client. I believe it would help in sorting through all the raw source junk to "see" how certain functions embedded within the message actually work. I don't know about some of you other admins out there, but after several hours of weeding through thousands of e-mails per day (simply because my users are to lazy to check the quarantine area and manage their own spam, even though I have done everything ...including begging...LOL) only to find over time that the e-mails are quickly becoming embedded with so much extranious crap, that it;'s extremely difficult to figure out what they are trying to do and your eyes begin to play tricks on you. If we had a second choice of how to view the messages, and in this case in HTML format (within a mini-browser window perhaps), it would really help to "see" what's going on within the message. So, I propose a HTML viewer as well as the standard text viewer. This could simply be a button on the toolbar, or perhaps by right clicking on a message in the qaurantine, and having the two choices of how to view the contents of the quarantined message that is being scrutinized. I believe this would aid in identifying patterns or other ways to find a method to block certain messages. Commnents? Chuck

Sean Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 21 February 2005 Location: United States Status: Offline Points: 81	Post Options Post Reply Quote Sean Report Post Thanks(0) Quote Reply Posted: 12 March 2004 at 1:55pm
	I created HTML parsing in my Web Quatrentine Access Page. If you would like some bits let me know.

Chuck Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Chuck Thanks(0) Quote Reply Posted: 12 March 2004 at 2:04pm
	Hi Sean, Is this done with ASP? or another scripting language? In any event, yes I'd love to see what youv'e come up with. It doesn't really matter where it's doe I suppose, but it sure would be nice to see how some of this HTML cobbled together, and then maybe I can find new ways to block some of the more annoying and persisitant spam. Thanks, Chuck

Sean Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 21 February 2005 Location: United States Status: Offline Points: 81	Post Options Post Reply Quote Sean Report Post Thanks(0) Quote Reply Posted: 12 March 2004 at 2:16pm
	Simply Put: In ResolveSpam.asp: Change - <%=Server.HTMLEncode(rs("Msg"))%> to - <%=Response.Write(rs("Msg"))%> Save file as ResolveSpamAsHTML.asp Modify ListSpam.asp for the addition type: <a href="ResolveSpam.asp?QuarID=<%=QuarID%>&MsgID=<%=MsgID%>">Text</a><HR><a href="ResolveSpamAsHTML.asp?QuarID=<%=QuarID%>&MsgID=<%=MsgID%>">HTML</a> Hope that is clear, and helps. -Sean

Sean Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 21 February 2005 Location: United States Status: Offline Points: 81	Post Options Post Reply Quote Sean Report Post Thanks(0) Quote Reply Posted: 12 March 2004 at 2:17pm
	Just FYI It tends to modify the header information as well, but I have still found this to be real useful.

Chuck Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Chuck Thanks(0) Quote Reply Posted: 12 March 2004 at 2:22pm
	Thanks...I'll give that a try out later when I can free up some time to test it. Thanks, Chuck

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 13 March 2004 at 10:02am
	Sean, Chuck, While having HTML views can be very convenient, that can be also very dangerous. Viruses are very common in emails. It is fairly simple to craft an html email messages to cause the viewer, especially if the viewer is based on Internet Explorer, to attempt to autorun code in the email itself. Internet Explorer is vulnerable to buffer overruns, and since the quarantined emails are likely to contain bad emails, it would be dangerous to expose users to those messages, especially when new unknown viruses are released. The Outlook client nowdays blocks dangerous html content by default, but decoding the html without any checks and presenting it to the user in a browser could be dangerous. The same applies to the GUI. We could easily present the emails in html view, but the viewer would be based on IE, and thus the potential of infecting the server would always be lingering. We've looked into the possibility of using a non-IE based viewer, but the process became too complex and we abandoned it. Roberto F. LogSat Software

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 13 March 2004 at 10:02am
	Chuck, Please refer to http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=3181 for comments. Thanks, Roberto F. LogSat Software

ASB Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote ASB Thanks(0) Quote Reply Posted: 14 March 2004 at 1:28am
	I think it would be dangerous to display the HTML on a suspected virus or SPAM email... It's not a feature I would really want.

Sean Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 21 February 2005 Location: United States Status: Offline Points: 81	Post Options Post Reply Quote Sean Report Post Thanks(0) Quote Reply Posted: 15 March 2004 at 8:56am
	This wasn't really meant for public release. I was just helping Chuck on a way for him to develope his black/white list as an administrator, by being able to see what the message looks like in HTML. Please note that we use this feature only in our Administrator Web Console. I do see the risk if this is given to users, but for admins it is very useful. Therefore this should probablly not be release in SpamFilterISP as a feature, but use the ASP technique I list if you were to need to view some emails as HTML to better your filter list. Sorry to stir up any controversy.

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Yet Another Feature Request