MailScanner 4.79.3-1 taint problem in TNEF module

ThB lists at
Mon Dec 7 14:40:31 GMT 2009


Just found another taint problem in MailScanner 4.79.3-1.
The lib/MailScanner/ module throws a taint error if I'm using the
external tnef expander.
TNEF Expander = /usr/local/bin/tnef --maxsize=100000000

# /opt/MailScanner/bin/MailScanner --debug --id 1NHa3y-0003zs-3E

In Debugging mode, not forking...
Trying to setlogsock(native)
INFO:: Meaningless output that goes nowhere, to keep SAVI happy
Building a message batch to scan...
Have a batch of 1 message.
Insecure dependency in rename while running with -T switch at
/opt/MailScanner/lib/MailScanner/ line 322.

Using the internal TNEF expander (TNEF Expander  = internal) works without


More information about the MailScanner mailing list