The BES is configured to: - Convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone. - Prevent the BES from sending email messages with inline images to BlackBerry smartphones.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18394 | WIR1335-01 | SV-19929r3_rule | ECWN-1 | Low |
| Description |
|---|
| HTML email and inline images in email can contain malware or links to web sites with malware. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-07-14 |
Details
| Check Text ( C-23186r3_chk ) |
|---|
| Verify the BES has been configured correctly. For BES 5.0 BAS > Servers and components > Component view > Email > Massaging tab. Verify “Rich content turned on” is set to “False.” Verify “Automatic downloading of inline images turned on” is set to “False.” For BES 4.1.x - In the BlackBerry Manager, in the left pane, select a BES. - On the Server Configuration tab, click Edit Properties. - Click Messaging. - In the Messaging Options section, verify: o Rich Content Enabled is set to False. o Inline Images Enabled is set to False. Mark as a finding if the BES is not configured as required. Note: The BES configurations described in this check cannot block HTML and RTF formatted email or inline images for BlackBerry devices with BlackBerry handheld software versions earlier than 4.5. |
| Fix Text (F-23378r1_fix) |
|---|
| The BES is configured to: - Convert HTML and RTF formatted email into text format before sending to a Blackberry smartphone. - Prevent the BES from sending email messages with inline images to BlackBerry smartphones. |