You are here: Re: virus sent vie webmail running on Apache « All PHP « IT news, forums, messages
Re: virus sent vie webmail running on Apache

Posted by J.O. Aho on 05/08/07 04:21

Joe wrote:
> Hello,
>
> I currently use a simple php webmail form with php's mail() function
> doing the work to send messages to the site owner.
>
> However, viruses are being sent via the form.
>
> I tried adding a basic colaboration of amavis-new, ClamAV and
> spamassasin, but that filter does not seem to catch them. I assume they
> are injected into the Postfix process too late.
>
> Any idea how I can eliminate this?

The data you get to the mail() from the "FROM" input box has to be stripped
from injected headers.

A really simple check for injection is to

$newfrom=erege_replace("[\r\n]","",$from);
if($newfrom==$from) {
mail(...);
} else {
//header had injected data, don't send it
}

--

//Aho

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация