MailScanner 4.79.3-1 taint problem in TNEF module
ThB
lists at buschor.ch
Mon Dec 7 14:40:31 GMT 2009
Hello,
Just found another taint problem in MailScanner 4.79.3-1.
The lib/MailScanner/TNEF.pm module throws a taint error if I'm using the
external tnef expander.
TNEF Expander = /usr/local/bin/tnef --maxsize=100000000
# /opt/MailScanner/bin/MailScanner --debug --id 1NHa3y-0003zs-3E
In Debugging mode, not forking...
Trying to setlogsock(native)
INFO:: Meaningless output that goes nowhere, to keep SAVI happy
Building a message batch to scan...
Have a batch of 1 message.
Insecure dependency in rename while running with -T switch at
/opt/MailScanner/lib/MailScanner/TNEF.pm line 322.
Using the internal TNEF expander (TNEF Expander = internal) works without
problem.
regards
Thomas
More information about the MailScanner
mailing list