|
|
Posted by jjohnston@mailwise.com on 05/16/07 15:44
On May 15, 5:34 pm, "C." <colin.mckin...@gmail.com> wrote:
> On 8 May, 00:57, Joe <j_ev...@upfronttechnology.com> wrote:
>
> > Hello,
>
> > I currently use a simple php webmail form with php's mail() function
> > doing the work to send messages to the site owner.
>
> > However, viruses are being sent via the form.
>
> > I tried adding a basic colaboration of amavis-new, ClamAV and
> > spamassasin, but that filter does not seem to catch them. I assume they
> > are injected into the Postfix process too late.
>
> > Any idea how I can eliminate this?
>
> Holy moley, you're letting users upload files into emails on your
> website then sending them using mail() !!!!
>
> ...and you wonder why you've got problems?
>
> Really, the question you're asking has nothing at all to do with PHP -
> unless you want to use PHP to launch clamscan on uploaded files before
> attaching them to emails (but bear in mind that anyone out to be
> malicious could always incorporate uuencded data inline).
>
> Clam + postfix worked a trick for me using clamsmtp. Its been a while
> since I looked at amavis - but even then it wasn't as bad as a lot of
> commercial AV tools.
>
> I'd try asking on a more apposite (i.e. amavis or postfix) newsgroup.
>
> C.
If you send your php mail via SMTP to your mail server instead of
using mail() it will travel the same path that inbound mail takes.
So . . . . if you have postfix set to use a before/after queue content
filter, your php mail will be filtered as well.
Navigation:
[Reply to this message]
|