I recently got an email that passed through Sanitizer with everything
on except for feat_paranoid, which contains some code that is clearly
up to no good. I'm looking for suggestions on how to configure Sanitizer
to stop things like this from getting through. I would hate to simply
disable all cid: URLs, since that would kill all embedded pictures.
But killing all "iframe" tags seems like a good idea in general. Here
is the offending snippet from the mail that suggested this:

Received message is available at:<br>
<a href="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" height=0
<iframe src="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" height=0 width=0>

Any suggestions would be appreciated.
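
The policy asked for above (reject every iframe, allow cid: only where embedded pictures use it), as an added Python example that is not part of the original message and is not Sanitizer's own code or configuration. The function and constant names are assumptions, and the scanner is deliberately tolerant so that it still sees a tag that follows an unclosed one, as in the quoted snippet.

```python
import re

# Policy taken from the message above: drop every iframe, keep cid: only
# where embedded pictures need it. The set and function names are assumptions.
BLOCKED_TAGS = {"iframe"}
CID_ALLOWED = {("img", "src")}

# A tag is recognised wherever "<name" appears, even when the previous tag
# was never closed, which is how the iframe in the sample is presented.
TAG_RE = re.compile(r"<([a-zA-Z][a-zA-Z0-9]*)([^<>]*)")
ATTR_RE = re.compile(r"""([a-zA-Z_:][-\w:.]*)\s*=\s*("[^"]*"|'[^']*'|[^\s"'<>]+)""")
BLOCKED_RE = re.compile(r"<(/?(?:%s)\b)" % "|".join(sorted(BLOCKED_TAGS)), re.I)

def scan_html(html):
    """Return (tag, attribute, reason) for everything the policy rejects."""
    findings = []
    for tag_match in TAG_RE.finditer(html):
        tag = tag_match.group(1).lower()
        if tag in BLOCKED_TAGS:
            findings.append((tag, None, "blocked tag"))
        for attr in ATTR_RE.finditer(tag_match.group(2)):
            name = attr.group(1).lower()
            value = attr.group(2).strip("\"' \t")
            if value.lower().startswith("cid:") and (tag, name) not in CID_ALLOWED:
                findings.append((tag, name, "cid: outside img src"))
    return findings

def neutralize(html):
    """Escape the opening bracket of blocked tags so they render as text."""
    return BLOCKED_RE.sub(r"&lt;\1", html)

# The snippet from the message, followed by a constructed embedded picture.
SAMPLE = r'''Received message is available at:<br>
<a href="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" height=0
<iframe src="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" height=0 width=0>
<img src="cid:constructed-picture@example.invalid" alt="logo">'''

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
    print(neutralize(SAMPLE))
```

The embedded picture passes untouched, while the anchor and the iframe are both reported and the iframe is rendered inert.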