Dennis Peterson wrote:
Matt Fretwell wrote:
On Fri, 03 Mar 2006 16:43:24 -0800
Alex Gottschalk <[EMAIL PROTECTED]> wrote:


This check is causing our mail server to quarantine mail sent
from PHP via postfix. It looks like it's because PHP wants
to put CRLF on the MIME headers instead of bare LFs. Is
there any way to modify or remove this behaviour? At least
according to the PHP docs <URI:http://us3.php.net/function.mail>, it should be legal to
put \r\n characters as linefeeds in MIME headers.
 Check the RFC's as to whether it is legal or not. 'Should be'
and 'must be' could be two very different things.

Upon reading RFC 2045, at least according to how I understand it, CRLF line terminators should be completely acceptable in MIME headers. From the RFC:

 The formal definition of these header fields is as follows:

     entity-headers := [ content CRLF ]
                       [ encoding CRLF ]
                       [ id CRLF ]
                       [ description CRLF ]
                       *( MIME-extension-field CRLF )

     MIME-message-headers := entity-headers
                             fields
                             version CRLF
                             ; The ordering of the header
                             ; fields implied by this BNF
                             ; definition should be ignored.

Replacing the CRLF with a bare LF in these headers causes Clamav to no longer quarantine these mail messages.

Not to mention it's a fragile function. The OP should google header injection to see the kinds of mischief your web form can face if you don't harden it for this exploit.

This would certainly be a concern if the mail originated from a public web-form. It's an internal mail that I'm testing against our virus scanner to make sure it won't be filtered from our end-users.

Cheers!

--Alex


/----------------------------------------------------------------------\
| Alex Gottschalk <[EMAIL PROTECTED]>                           |
| LetsTalk, Inc. -- IT Manager/Sysadmin                                |
\----------------------------------------------------------------------/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
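As an added example (not code from the thread or from the PHP project), here is the way a practitioner would assemble the additional_headers argument for PHP's mail() so that both points raised above are covered: the line terminator between headers is a parameter (bare LF by default, which is what the thread found stopped the ClamAV quarantine), and every header name and value is checked for CR, LF and NUL before it is used, which is the check that defeats the header injection Dennis mentions. The addresses and the form values below are constructed sample data; the function names are this example's own.

```php
<?php
// Added example, not part of the original thread. Builds the
// additional_headers string for PHP's mail() safely:
//  - header names and values (typically coming from a web form) are
//    refused if they contain CR, LF or NUL, so a value such as
//    "x\r\nBcc: everyone@example.net" cannot smuggle in extra headers;
//  - the terminator between header lines is configurable, defaulting
//    to a bare LF as the thread found works with their Postfix/ClamAV.

function header_value_is_safe($value)
{
    // CR or LF would end the current header line and start a new one;
    // NUL would truncate the string handed to the sendmail binary.
    return is_string($value) && !preg_match('/[\r\n\0]/', $value);
}

function header_name_is_safe($name)
{
    // RFC 2822 field-name: printable US-ASCII, excluding the colon (0x3A).
    return is_string($name) && preg_match('/^[\x21-\x39\x3B-\x7E]+$/', $name) === 1;
}

/**
 * Build the additional_headers argument for mail().
 *
 * @param array  $headers name => value pairs, e.g. array('From' => '...')
 * @param string $eol     terminator between header lines, "\n" by default
 * @return string
 * @throws InvalidArgumentException if a name or value could inject a header
 */
function build_mail_headers(array $headers, $eol = "\n")
{
    $lines = array();
    foreach ($headers as $name => $value) {
        if (!header_name_is_safe($name)) {
            throw new InvalidArgumentException('Bad header name: ' . var_export($name, true));
        }
        if (!header_value_is_safe($value)) {
            throw new InvalidArgumentException('CR/LF/NUL in header ' . $name);
        }
        $lines[] = $name . ': ' . $value;
    }
    return implode($eol, $lines);
}

// --- demo with constructed data ------------------------------------------

// A well-formed submission (sample addresses, not real ones).
$good = array(
    'From'         => 'webform@example.com',
    'Reply-To'     => 'alice@example.com',
    'MIME-Version' => '1.0',
    'Content-Type' => 'text/plain; charset=us-ascii',
);
echo build_mail_headers($good), "\n";
// Would then be passed as the fourth argument:
// mail('helpdesk@example.com', 'Contact form', $body, build_mail_headers($good));

// A hostile submission: the Reply-To field tries to append a Bcc header.
$hostile = $good;
$hostile['Reply-To'] = "alice@example.com\r\nBcc: everyone@example.net";
try {
    build_mail_headers($hostile);
    echo "NOT rejected (this would be a bug)\n";
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Apply the same CR/LF/NUL check to the $to and $subject arguments of mail(), since both also end up on header lines of the message. On the line-ending question, the PHP manual page for mail() itself notes that if messages are not received one should try a bare LF, because some Unix MTAs (qmail in particular) convert LF to CRLF on their own and would otherwise double the CR; which terminator your MTA and scanner accept is therefore something to verify against your own setup, as the thread above did.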