Re: Mail Attachment Security

---

• From: gordonb.a68sj@xxxxxxxxxxx (Gordon Burditt)
• Date: Wed, 31 Jan 2007 00:31:40 -0000

---

I have created a script which attaches form uploaded files to an
email. What security is suggested to prevent attachments which may
contain viruses, etc. from being uploaded?

If the uploaded file is coming from an untrusted source, don't trust
it. It's probably SPAM. The worst stuff is just straight text
files that contain stuff that infects human minds (like MAKE MONEY
FAST chain letters).

I am running finfo_file()
to determine the mime-types of the files being uploaded, so it should
easy to exclude certain types of files based on this, or the file's
extension.

Not nearly enough. MIME types and file names can be arbitrarly set to
misrepresent the contents.

.

---

• Follow-Ups:
  • Re: Mail Attachment Security
    • From: Tyrone Slothrop

• References:
  • Mail Attachment Security
    • From: Tyrone Slothrop

• Prev by Date: Re: PHP 4.4.4 vs Perl 5.8.7 for Object Oriented server code
• Next by Date: Re: Dumping an array to a web page
• Previous by thread: Mail Attachment Security
• Next by thread: Re: Mail Attachment Security
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: kadmin.local segfault gdb output (output from "backtrace") ... On Feb 13, 2008, at 12:22, Steven Miller wrote: ... Attachments get stripped out on this mailing list unless they have one of a specific set of MIME types. ... MIT Kerberos Consortium ... (comp.protocols.kerberos) Re: RFC: Fam/Python based script for bruteforce blocking ... attachments as a security measure. ... ones with MIME types it thinks are tasty. ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

coding.derkeiler.com  > Archive  > PHP  > comp.lang.php  > 2007-01