The BES must be configured to convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone and prevent the BES from sending email messages with inline images to BlackBerry smartphones.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18394	WIR1335-01	SV-19929r5_rule	ECWN-1	Low

Description
HTML email and inline images in email can contain malware or links to web sites with malware.

STIG	Date
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide	2012-02-02

Details

Check Text ( C-23186r4_chk )
Verify the BES has been configured correctly. BAS > Servers and components > Component view > Email > Massaging tab. Verify “Rich content turned on” is set to “False”. Verify “Automatic downloading of inline images turned on” is set to “False”. Mark as a finding if the BES is not configured as required. Note: The BES configurations described in this check cannot block HTML and RTF formatted email or inline images for BlackBerry devices with BlackBerry handheld software versions earlier than 4.5.

Check Text ( C-23186r4_chk )

Verify the BES has been configured correctly.

BAS > Servers and components > Component view > Email > Massaging tab.
Verify “Rich content turned on” is set to “False”.
Verify “Automatic downloading of inline images turned on” is set to “False”.

Mark as a finding if the BES is not configured as required.

Note: The BES configurations described in this check cannot block HTML and RTF formatted email or inline images for BlackBerry devices with BlackBerry handheld software versions earlier than 4.5.

Fix Text (F-23378r2_fix)
Configure the BES to: - Convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone; and - Prevent the BES from sending email messages with inline images to BlackBerry smartphones.