Mail Attachment Security

From: Tyrone Slothrop <ts@xxxxxxxxxxxxx>
Date: Tue, 30 Jan 2007 11:20:07 -0800

I have created a script which attaches form uploaded files to an
email. What security is suggested to prevent attachments which may
contain viruses, etc. from being uploaded? I am running finfo_file()
to determine the mime-types of the files being uploaded, so it should
easy to exclude certain types of files based on this, or the file's
extension.

Also, I would like to send an alternative text with this email. Is
there a good script out there that removes HTML and converts to simple
formatted text?

TIA!
.

Follow-Ups:
- Re: Mail Attachment Security
  - From: Gordon Burditt

Prev by Date: Re: PHP and upload
Next by Date: Re: PHP and upload
Previous by thread: Calculating some formulas from database data
Next by thread: Re: Mail Attachment Security
Index(es):
- Date
- Thread

Relevant Pages

SUMMARY WAS: OT? Philosophical Question on SA responsibilities
... helpful for managers interested in hiring new administrators. ... Would you go thru the 14,600 messages in root and admin ... If I was a new SA I would if encountering a security hole, ... I can see some use for the passwd -s part of the crontab script, ...
(SunManagers)
Re: Clarification-Win2k Netstat sockets interpretation
... snip.. ... Before I could manually download every security upate and servicepack from MS.com but now...they send you a bit of Cop-code that fails to run unless ALL defences are down ... Are you sure the script from ntsvcfg is benign in addition to being useful? ... You are absolutely correct there HAL, er ah, Sebastian. ...
(alt.computer.security)
[NT] Flaw in Windows Script Engine Could Allow Code Execution
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Windows Script Engine provides Windows operating systems with the ... blocked by Outlook Express 6.0 and Outlook 2002 in their default ...
(Securiteam)
Re: BUG with RES/SCRIPT/XP-SP2
... I consider JavaScript (known to security people as JavaVirus) as one of the Really Top ... to have a bad script cause damage to my machine. ... This security feature is called the "Local Machine Zone Lockdown". ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
(microsoft.public.vc.mfc)
Re: execute WSH in a js file from html?
... file to be made part of the script of the page. ... This is a security issue with client-side scripting. ... Hypertext Application (HTA) instead. ... changing the extension from HTML to HTA. ...
(microsoft.public.scripting.wsh)