Check or Attack Name: badforwards

Selected e-mail accounts may contain dangerous .forward files.

The ability to forward (or pipe ) the delivered mail message to add-on programs or scripts can result in undesired or dangerous outcomes. These programs and scripts may contain security loopholes, and an attacker sending e-mail could take advantage of the exploit.

Thoroughly check your user's .forward files to see if any of them allow messages to be piped to add-on programs or scripts. Examine each .forward file for the pipe (|) character. An example of a potentially bad forward is: \user, "| /usr/local/bin/filter user"