[RESOLVED] PHP emails and viruses. Any risk?

paulnaj

Hi,

Is it possible that an email sent via mail() (for example) could possibly get 'infected' with a virus on it's way out of the door?

Reason for asking: I imagine a client blaming me for it.

Related ... Does anyone know how I might go about passing an email sent either with mail() or via a remote smtp server through an anti-virus checker?

Cheers
P.

devinemke

all that PHP's [man]mail[/man] function does is hand the mail off to the server's SMTP app, so if your SMTP app has a virus then it could absolutely affect all outgoing mail.

NogDog

devinemke wrote:
all that PHP's [man]mail[/man] function does is hand the mail off to the server's SMTP app, so if your SMTP app has a virus then it could absolutely affect all outgoing mail.

In other words, the risk is no greater than sending email via Outlook through the SMTP mail server on that host.

The only risk I would be concerned with (other than incompetent system administrators on your web host) would be if your PHP application is accepting file uploads to be included in the mails, in which case you should incorporate some sort of virus-scanning application to scan them. And, of course, you need to sanitize any user inputs to prevent mail header injection that could allow hackers to use your script to send spam and other nasty things.

paulnaj

That all makes sense ... essentially what you're saying is that PHP 'adds' no risk itself.

I suppose though that it could compound a problem ... sending out infected emails one at a time is still not as bad as sending thousands out at a time.

Cheers for the help.
Paul