> [EMAIL PROTECTED] wrote:
>
> > Addressed to: Jen Hall <[EMAIL PROTECTED]>
> > [EMAIL PROTECTED]
> >
> > ** Reply to note from Jen Hall <[EMAIL PROTECTED]> Tue,
> 20 Mar 2001 19:59:26 -0500
> > >
> > > Hi there
> > > I am trying to build an application where a user can use an
> > > HTML form, fill out some fields, select a file from their
> > > hard drive, and have it emailed as an attachment with the
> > > contents of the form. (essentially, fill in your name and
> > > address, use my module to attach ms-word file of your
> > > resume, send email of all).
> >
> >
> > > I am able to make it work with an image as the attachment,
> > > but when I select an MS-WORD document, which is the goal of
> > > this application, it still thinks it's an image, and doesn't
> > > work properly.
> >
> > Emailing a .doc file is a VERY BAD idea. VB for applications which is
> > embedded in word is very powerful. What happens when some hacker
> > decides to use your page to send a vba script like the naked wife virus
> > thru your program?
> >
> > Oh, here is a resume... lets take a look.
> >
> > Open the attachemnt.
> >
> > A burst of network activity while the vb script sends a
> > copy of itself to everyone in the victim's address book.
> >
> > Then the hard drive light comes on as the program deletes
> > a bunch of important files from the \windows\system directory.
> >
> > Finally the computer crashes because windows can't run
> > without the missing files. Even though the machine won't
> > boot, the computer forensics people recover the email, and
> > trace it back to you.
> >
> > The victim's lawyers come knocking on your door asking for
> > damages because you let some hacker release a virus thru
> > your program that wiped out several computers at the victim's
> > company, some of their customers, as well as several of
> > his friends.
> >
> > You are forced out of business because the damages are more
> > than the value of your entire company.
> >
> > Not good.
> >
> > Don't believe me? How about one of them:
> >
> > http://www.gcn.com/state/vol5_no11/enterprise/491-1.html
> >
> > http://members.door.net/kls/virusinfo.htm
> >
> > http://venus.soci.niu.edu/~cudigest/CUDS11/cud1120.html
> >
> > http://www.jwolsen.com/wtip035.htm
> >
> > Want more? - search for 'macro virus' on your favorite search engine.
> >
> > NEVER send .doc, .exe, .com, .bat or .vbs files as attachments, and
> > never - ever open them if one is sent to you. Not even from someone you
> > trust. Melissa, Anna and Naked Wife all depend on the fact that the
> > virus often comes from a trusted individual as part of their tactics,
> > and it works! Are you sure your anti-virus software is up to date?
> >
> > Rick Widmer
> > Internet Marketing Specialists
> > http://www.developersdesk.com
>
> Hi Rick
> I have advised my client of all of the risk you mention.
> They still want to go ahead. They feel that the bulk of their
> website visitors are
> trustworthy (huge assumption on their part), and they tell me
> they will assume all
> responsibility for virus checking, etc.
>
> I still need to know how to do it - technically - to allow an
> attachment of the kind they
> desire....
>
If you check my post on RE: [PHP] Attachment problem with web based mail -
CODE SAMPLE from earlier today you will find the code that will send the
file. You can always virus scanners the document before you send it (even
on a Unix box).
Regards
Grant Walters
Brainbench 'Most Valuable Professional' for Unix Admin
Walters & Associates, P O Box 13-043 Johnsonville, Wellington, NEW ZEALAND
Telephone: +64 4 4765175, CellPhone 025488265, ICQ# 23511989
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
