Malicious Script Filter
The malicious script filter is a content filter that encodes executable scripts contained in the text of files when these files are uploaded to the Knowledge Management (KM) repositories. In addition to filtering new files during the upload, the filter also detects executable scripts in files that are being modified and encodes them when they are saved. The system automatically sends notification e-mails to the user who has uploaded or modified the file. If configured, the administrator of the filtered resources also receives a notification e-mail.
You use the malicious script filter to prevent accidental execution of executable scripts contained in text files that are to be uploaded or modified in the KM repositories.
The following table lists the parameters of the malicious script filter that can be specified during its the configuration:
|
Parameter |
Description |
|---|---|
|
Name |
Name of the filter |
|
All repositories |
If selected, the parameter determines that the filter applies to all repositories. Available in advanced mode. |
|
Priority |
Specification of filter priority. If multiple filters are applicable to a resource, the priority determines the order in which they are applied. A value of 1 indicates the highest and a value of 99 indicates the lowest priority. The default value is 1 . |
|
Repositories |
Selection of repositories whose content is to be filtered. Note
If the All repositories parameter is selected, the Repositories parameter is not taken into account. |
|
MIME Types |
MIME types of the resources to which the filter is to be applied. If you leave this input field empty, the filter is applied to all MIME types. Enter the required MIME type as it is specified in the MIME type configuration (for example, text/html ). For more information, see MIME Types and Symbols . You can apply the filter to more than one MIME type. Use a vertical slash to separate the entries (for example, a valid entry might be text/html|text/plain ). Note
Depending on the MIME handler service configuration, the entries might be case sensitive. For more information, see Mime Handler Service . |
|
Send E-Mail to Administrator |
Specify whether or not a notification e-mail is to be sent to the administrator of the filtered resources. Note
The administrator of the filtered resources is determined by the e-mail specified in the E-Mail of Administrator parameter. If no e-mail is specified, there is no administrator defined for the filtered resources. Therefore, regardless of the settings for the Send E-Mail to Administrator parameter, the system does not send notification e-mails to the administrator. |
|
E-Mail of Administrator |
Specification of the e-mail of an administrator as entered in the User Management Engine (UME) configuration of the respective user or group. The e-mail determines the administrator of the filtered resources. If no e-mail is specified, the administrator is not defined. A valid entry is a single e-mail or a distribution list (DL). Multiple entries are not possible. |
|
Forbidden Scripts |
Comma-separated list of banned script tags that will be encoded when the filter is applied (for example, a valid entry might be script,img ). |
To create a malicious script filter, or to change the configuration of an existing one, choose
System Administration 
System Configuration Content Management Repository Filters Show Advanced Options Malicious Script Filter 
.
You can optionally change the subject line of the notification e-mails. For more information about the customizable subject line for notification e-mails, see Notificator Service .
If you create a filter or modify an existing one, the changes take effect immediately. However, if you delete a filter, you must restart the Application Server Java (AS Java) for the changes to take effect.
To create the filter successfully, you must have selected either the All repositories parameter, or at least one repository from the repository list in the Repositories parameter. Otherwise, the filter is not created.
The system encodes the scripts specified in the configuration of the filter. If your scenario requires it, you can optionally decode the encoded scripts using the Malicious Script Handler report. For more information, see Encoding and Decoding Executable Scripts .