You are here: Re: virus sent vie webmail running on Apache « All PHP « IT news, forums, messages
Re: virus sent vie webmail running on Apache

Posted by ZeldorBlat on 05/08/07 13:27

On May 8, 12:21 am, "J.O. Aho" <u...@example.net> wrote:
> Joe wrote:
> > Hello,
>
> > I currently use a simple php webmail form with php's mail() function
> > doing the work to send messages to the site owner.
>
> > However, viruses are being sent via the form.
>
> > I tried adding a basic colaboration of amavis-new, ClamAV and
> > spamassasin, but that filter does not seem to catch them. I assume they
> > are injected into the Postfix process too late.
>
> > Any idea how I can eliminate this?
>
> The data you get to the mail() from the "FROM" input box has to be stripped
> from injected headers.
>
> A really simple check for injection is to
>
> $newfrom=erege_replace("[\r\n]","",$from);
> if($newfrom==$from) {
> mail(...);} else {
>
> //header had injected data, don't send it
>
> }
>
> --
>
> //Aho

Of course str_replace works just as well and is probably faster:

$newfrom = str_replace(array("\r", "\n"), '', $from);

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация