MailScanner 4.79.3-1 taint problem in TNEF module
Julian Field
MailScanner at ecs.soton.ac.uk
Tue Dec 15 13:58:19 GMT 2009
Fixed. Will be in the next release.
Thanks for reporting it!
Jules.
On 07/12/2009 14:40, ThB wrote:
> Hello,
>
> Just found another taint problem in MailScanner 4.79.3-1.
> The lib/MailScanner/TNEF.pm module throws a taint error if I'm using the
> external tnef expander.
> TNEF Expander = /usr/local/bin/tnef --maxsize=100000000
>
>
> # /opt/MailScanner/bin/MailScanner --debug --id 1NHa3y-0003zs-3E
>
> In Debugging mode, not forking...
> Trying to setlogsock(native)
> INFO:: Meaningless output that goes nowhere, to keep SAVI happy
> Building a message batch to scan...
> Have a batch of 1 message.
> Insecure dependency in rename while running with -T switch at
> /opt/MailScanner/lib/MailScanner/TNEF.pm line 322.
>
>
> Using the internal TNEF expander (TNEF Expander = internal) works without
> problem.
>
>
> regards
> Thomas
>
>
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list