Mailing List Archive

How to remove <SCRIPT>....</SCRIPT> Code from mailpack
Hi All,
I have been using a combination of ripmime and
altermime in order to remove attachments from some
incoming mails. All exe, com, pif and bat etc files
are removed using due to a threat from viruses.
I use altermime --input=<filename> --removeall
once I see that after using ripmime any attachment is
of the above type.
One problem I am facing, there are some embedded
scripts in some mails coming from some Outlook Express
clients. There are supposedly scripts pertaining to
Redlof virus.

Is there any way I can disable the script at the
incoming level itself?

Inside the mail body, the virus code starts with :
<SCRIPT language=3Dvbscript>
document.write "<div style=3D'position:absolute;
left:0px; top:0px; =
width:0px; height:0px; z-index:28; visibility:
hidden'><"&"APPLET =
NAME=3DKJ"&"_guest HEIGHT=3D0 WIDTH=3D0 ="&"activeX.Active"&"XComponent></APPLET></div>"

<SCRIPT language=3Dvbscript>
ExeString =3D =

Then there is a whole lot of code, which is related to
the virus. Then it ends with </script>

Is there any way, I can remove everything between
Any help would be highly appreciated,

Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
Re: How to remove <SCRIPT>....</SCRIPT> Code from mailpack [ In reply to ]
Hi there Subhasis,

> Is there any way, I can remove everything between
> <SCRIPT>.....</SCRIPT>
> Any help would be highly appreciated,

To be honest, the best I can suggest is to check the script against a grep for various signature components and trash
the entire email.

Is ripMIME decoding the script into a seperate file (I somehow think not).

The other option is to write a small program which strips out all the text between <SCRIPT> and </script>... the
problem will then be that the virus senders can just encode it in UU, QP or B64 and get past that.


Paul L Daniels - PLD Software - Xamime
Unix systems Internet Development A.B.N. 19 500 721 806
PGP Public Key at