Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18394 | WIR1335-01 | SV-19929r3_rule | ECWN-1 | Low |
Description |
---|
HTML email and inline images in email can contain malware or links to web sites with malware. |
STIG | Date |
---|---|
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-07-14 |
Check Text ( C-23186r3_chk ) |
---|
Verify the BES has been configured correctly. For BES 5.0 BAS > Servers and components > Component view > Email > Massaging tab. Verify “Rich content turned on” is set to “False.” Verify “Automatic downloading of inline images turned on” is set to “False.” For BES 4.1.x - In the BlackBerry Manager, in the left pane, select a BES. - On the Server Configuration tab, click Edit Properties. - Click Messaging. - In the Messaging Options section, verify: o Rich Content Enabled is set to False. o Inline Images Enabled is set to False. Mark as a finding if the BES is not configured as required. Note: The BES configurations described in this check cannot block HTML and RTF formatted email or inline images for BlackBerry devices with BlackBerry handheld software versions earlier than 4.5. |
Fix Text (F-23378r1_fix) |
---|
The BES is configured to: - Convert HTML and RTF formatted email into text format before sending to a Blackberry smartphone. - Prevent the BES from sending email messages with inline images to BlackBerry smartphones. |