The BES must be configured to convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone and prevent the BES from sending email messages with inline images to BlackBerry smartphones.

From BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide

Part of BES will block HTML/RTF email

SV-19929r4_rule The BES must be configured to convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone and prevent the BES from sending email messages with inline images to BlackBerry smartphones.

Vulnerability discussion

HTML email and inline images in email can contain malware or links to web sites with malware.

Check content

Verify the BES has been configured correctly.

BAS >> Servers and components >> Component view >> Email >> Messaging tab.

- Verify "Rich content turned on" is set to "False".
- Verify "Automatic downloading of inline images turned on" is set to "False".

If the BES is not configured as required, this is a finding.

Note: The BES configurations described in this check cannot block HTML and RTF formatted email or inline images for BlackBerry devices with BlackBerry handheld software versions earlier than 4.5.

Fix text

Configure the BES to:
- Convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone; and
- Prevent the BES from sending email messages with inline images to BlackBerry smartphones.
