
Mail Attachment Security

I have created a script which attaches form uploaded files to an
email. What security is suggested to prevent attachments which may
contain viruses, etc. from being uploaded? I am running finfo_file()
to determine the mime-types of the files being uploaded, so it should
be easy to exclude certain types of files based on this, or the file's
extension.

Also, I would like to send an alternative text with this email. Is
there a good script out there that removes HTML and converts to simple
formatted text?

TIA!
Jan 30 '07 #1
>I have created a script which attaches form uploaded files to an
>email. What security is suggested to prevent attachments which may
>contain viruses, etc. from being uploaded?

If the uploaded file is coming from an untrusted source, don't trust
it. It's probably SPAM. The worst stuff is just straight text
files that contain stuff that infects human minds (like MAKE MONEY
FAST chain letters).

>I am running finfo_file()
>to determine the mime-types of the files being uploaded, so it should
>be easy to exclude certain types of files based on this, or the file's
>extension.

Not nearly enough. MIME types and file names can be arbitrarily set to
misrepresent the contents.

Jan 31 '07 #2
On Wed, 31 Jan 2007 00:31:40 -0000, go***********@burditt.org (Gordon
Burditt) wrote:
>>I have created a script which attaches form uploaded files to an
>>email. What security is suggested to prevent attachments which may
>>contain viruses, etc. from being uploaded?
>
>If the uploaded file is coming from an untrusted source, don't trust
>it. It's probably SPAM. The worst stuff is just straight text
>files that contain stuff that infects human minds (like MAKE MONEY
>FAST chain letters).
>
>>I am running finfo_file()
>>to determine the mime-types of the files being uploaded, so it should
>>be easy to exclude certain types of files based on this, or the file's
>>extension.
>
>Not nearly enough. MIME types and file names can be arbitrarily set to
>misrepresent the contents.

While I may agree with you, my client wants an upload so that is what
she gets. I may have to send the mails via SMTP so they run through a
Brightmail service and then Spam Assassin instead of going directly to
her mailbox. I was just hoping for something a bit simpler.
Jan 31 '07 #3
>While I may agree with you, my client wants an upload so that is what
>she gets. I may have to send the mails via SMTP so they run through a
>Brightmail service and then Spam Assassin instead of going directly to
>her mailbox. I was just hoping for something a bit simpler.

That might make your client secure, at the expense of racking up
counts of spam sent apparently by your web site to Brightmail. That
could cause trouble (blocking) down the road.

You could install several major antivirus programs and spam filter
on your web site, and run all the attachments through all of those.
I'm not sure that's simpler.
Feb 1 '07 #4
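
The checks discussed in this thread, combined into one gate that runs before a file is attached. This is an added example, not code posted by any participant: vet_upload(), ALLOWED_TYPES and MAX_BYTES are hypothetical names, and it assumes a single scanner, ClamAV's clamscan, is installed on the web server.

```php
<?php
// Added example (hypothetical names). Assumes clamscan is on the PATH;
// its exit codes are 0 = clean, 1 = malware found, 2 = scanner error.

const ALLOWED_TYPES = [          // content-sniffed MIME type => permitted extensions
    'application/pdf' => ['pdf'],
    'image/jpeg'      => ['jpg', 'jpeg'],
    'image/png'       => ['png'],
    'text/plain'      => ['txt'],
];
const MAX_BYTES = 5 * 1024 * 1024;

/**
 * $file is one entry of $_FILES.
 * Returns [true, safeAttachmentName] or [false, reason].
 */
function vet_upload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return [false, 'upload failed'];
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return [false, 'size not allowed'];
    }

    // Sniff the type from the bytes on disk; $file['type'] and $file['name']
    // are supplied by the client and prove nothing on their own.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$mime]) || !in_array($ext, ALLOWED_TYPES[$mime], true)) {
        return [false, 'type not allowed'];   // allowlist: sniffed type AND extension must agree
    }

    // A type check only narrows what is accepted, so scan the content too.
    exec('clamscan --no-summary ' . escapeshellarg($file['tmp_name']), $out, $code);
    if ($code !== 0) {                        // fail closed on detections and scanner errors
        return [false, $code === 1 ? 'scanner flagged file' : 'scan error'];
    }

    // Attach under a server-generated name, not the client's file name.
    return [true, 'upload-' . bin2hex(random_bytes(8)) . '.' . $ext];
}

// Usage: [$ok, $result] = vet_upload($_FILES['attachment']);
// Attach $file['tmp_name'] as $result only when $ok is true.
```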
