Dennis Peterson wrote:
Matt Fretwell wrote:
On Fri, 03 Mar 2006 16:43:24 -0800
Alex Gottschalk <[EMAIL PROTECTED]> wrote:
This check is causing our mail server to quarantine mail sent
from PHP via postfix. It looks like it's because PHP wants
to put CRLF on the MIME headers instead of bare LFs. Is
there any way to modify or remove this behaviour? At least
according to the PHP docs <URI:http://us3.php.net/function.mail>, it
should be legal to put \r\n characters as linefeeds in MIME headers.
Check the RFCs as to whether it is legal or not. 'Should be'
and 'must be' could be two very different things.
Upon reading RFC 2045, at least according to how I understand it, CRLF
line terminators should be completely acceptable in MIME headers. From
the RFC:
The formal definition of these header fields is as follows:

    entity-headers := [ content CRLF ]
                      [ encoding CRLF ]
                      [ id CRLF ]
                      [ description CRLF ]
                      *( MIME-extension-field CRLF )

    MIME-message-headers := entity-headers
                            fields
                            version CRLF
                            ; The ordering of the header
                            ; fields implied by this BNF
                            ; definition should be ignored.

Replacing the CRLF with a bare LF in these headers causes Clamav to no
longer quarantine these mail messages.
Not to mention it's a fragile function. The OP should google header
injection to see the kinds of mischief your web form can face if you
don't harden it for this exploit.
This would certainly be a concern if the mail originated from a public
web-form. It's an internal mail that I'm testing against our virus
scanner to make sure it won't be filtered from our end-users.
Cheers!
--Alex
/----------------------------------------------------------------------\
| Alex Gottschalk <[EMAIL PROTECTED]> |
| LetsTalk, Inc. -- IT Manager/Sysadmin |
\----------------------------------------------------------------------/
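
Added example, not part of the thread and not code from ClamAV, PHP or Postfix: a small Python auditor that reports which line terminator each header line of a raw message uses, so the CRLF versus bare LF difference discussed above can be confirmed on a message captured before it reaches the scanner. The function name and the sample message are constructed for illustration.

```python
import re
from collections import Counter

# One line plus its terminator; CRLF is tried before a bare CR or bare LF.
_LINE = re.compile(rb"([^\r\n]*)(\r\n|\r|\n|$)")
_NAMES = {b"\r\n": "CRLF", b"\n": "LF", b"\r": "CR", b"": "none"}


def audit_header_terminators(raw: bytes) -> dict:
    """Classify the terminator of every header line in a raw message.

    The header block ends at the first empty line. Returns the count per
    terminator, whether the block mixes them, and the lines that do not
    use the most common one.
    """
    lines = []
    pos = 0
    while pos < len(raw):
        m = _LINE.match(raw, pos)
        text, term = m.group(1), m.group(2)
        pos = m.end()
        if not text:  # empty line: end of the header block
            break
        lines.append((len(lines) + 1, _NAMES[term], text.decode("latin-1")))
    counts = Counter(name for _, name, _ in lines)
    dominant = counts.most_common(1)[0][0] if counts else None
    odd = [(n, name, text) for n, name, text in lines if name != dominant]
    return {"counts": dict(counts), "mixed": len(counts) > 1, "odd_lines": odd}


# Constructed sample, not taken from the thread: headers ending in bare LF
# followed by MIME headers ending in CRLF.
SAMPLE = (
    b"From: app@example.test\n"
    b"To: user@example.test\n"
    b"Subject: terminator test\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\n"
    b"body line\r\n"
)

if __name__ == "__main__":
    report = audit_header_terminators(SAMPLE)
    print(report["counts"], "mixed" if report["mixed"] else "consistent")
    for n, name, text in report["odd_lines"]:
        print(f"line {n}: {name}: {text}")
```
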