News---Re: virus from 'support@microsoft.com' not blocked?

Julian Field mailscanner at ecs.soton.ac.uk
Thu May 29 09:25:12 IST 2003 

At 09:09 29/05/2003, you wrote:
>Excuse me for being stupid in advance but I know virtually nothing about
>Perl and when I installed the required modules for MailScanner I used
>CPAN as recommended.
>
># perl -MCPAN -e shell
>cpan> install SOME::MODULE
>
>I silently ignored your patches because I didn't know how to apply them.

<aargh>
Sorry but surely this is pretty clear:
    * <http://www.zeegee.com/code/perl/MIME-tools/>MIME-tools with an
<mime-tools-patch.htm>important security patch,
    * and <mime-tools-patch2.htm>a 2nd important security patch,
    * and a <mime-tools-patch3.htm>3rd important security patch,
    * and a <mime-tools-patch4.htm>4th important security patch
Doesn't that make the point that the patches might be worth applying?

The basic modules are indeed all available from CPAN, but the security
patches are not, which is partly why they are in bold. They are very important.

If you had followed the MIME-tools link, you would have been able to
download the source. On unpacking it, you would have discovered a file
called "Installing" which tells you how to build it.

I admit I assumed you knew a bit about how to apply a patch (hint: use the
"patch" command) but you could always have asked for help rather than just
ignoring what were clearly labelled as "important security patches".

You need to download the source, patch it, then build and install it.
</aargh>

I have just added the following to the web page that lists all this stuff:

In order to apply the patches to MIME-tools, you will have to download the
source (follow the MIME-tools link above), unpack it, apply the 4 patches
and then build and install the module by hand. If you don't know how to
apply patches, read "man patch". If you don't know how to install a Perl
module, then read the "Installing" file in the MIME-tools package you are
about to download.

Hopefully this is now clearer.

>When I installed the modules a lot of compiling seemed to go on, should
>I download source, patch it first and then compile it all manually? Or
>can I do it afterwards? How? Do I have to reinstall anything?
>
>Maybe just one extra line of info on this page would help or is it
>somewhere else?
>
>http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml
>
>I just learned how to spell Perl correctly. :-)
>
>/Peter Bonivart
>
>--Unix lovers do it in the Sun
>
>On Wed, 2003-05-28 at 23:31, Julian Field wrote:
> > I have been wading through the MIME-tools modules and its security patches
> > to see why some people are catching it correctly and some aren't.
> >
> > If you are letting the filename through, you do not have the MIME-tools
> > security patches applied correctly. The first patch introduces a variable
> > "$BADTOKEN" into MIME/Field/ParamVal.pm. If you do *not* have "BADTOKEN"
> > anywhere in ParamVal.pm, you have not applied the security patches
> correctly.
> >
> > Please check your Perl MIME-tools installations!
> >
> > Jules.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030529/801291aa/attachment.html

More information about the MailScanner mailing list