This page documents the ATTACK_DETECTION_MIME configuration setting in FormMail.
Type Of Setting
ATTACK_DETECTION_MIME is a LEAVE setting, which means...
LEAVE : you can change this setting if you really need to and know what you're doing, but we recommend that you leave this setting unchanged.
Précis
Enables the "MIME attack" detection.
Description
Set ATTACK_DETECTION_MIME to false if you don't want FormMail's attack detection to check for the MIME attack.
The MIME attack is where the recipient's address (or other header field) is carefully crafted to try to fool FormMail into sending an email with a virus or other malware file attached.
Note that Tectite FormMail has always been invulnerable to this type of attack - your server is safe with Tectite FormMail.
The purpose of the ATTACK_DETECTION_MIME setting is to allow you to ignore these attacks (no errors or alerts will be sent to you) and to send the user/attacker to an explanatory page.
The fields checked for this attack were:
- recipients
- cc
- bcc
- subject (from FormMail version 8.00)
Default Value
From version 9 onwards:
$ATTACK_DETECTION_MIME = true;
Before version 9:
define("ATTACK_DETECTION_MIME",true);
Examples
From version 9 onwards:
$ATTACK_DETECTION_MIME = false;
Before version 9:
define("ATTACK_DETECTION_MIME",false);