MailScanner 4.79.3-1 taint problem in TNEF module
MailScanner at ecs.soton.ac.uk
Tue Dec 15 13:58:19 GMT 2009
Fixed. Will be in the next release.
Thanks for reporting it!
On 07/12/2009 14:40, ThB wrote:
> Just found another taint problem in MailScanner 4.79.3-1.
> The lib/MailScanner/TNEF.pm module throws a taint error if I'm using the
> external tnef expander.
> TNEF Expander = /usr/local/bin/tnef --maxsize=100000000
> # /opt/MailScanner/bin/MailScanner --debug --id 1NHa3y-0003zs-3E
> In Debugging mode, not forking...
> Trying to setlogsock(native)
> INFO:: Meaningless output that goes nowhere, to keep SAVI happy
> Building a message batch to scan...
> Have a batch of 1 message.
> Insecure dependency in rename while running with -T switch at
> /opt/MailScanner/lib/MailScanner/TNEF.pm line 322.
> Using the internal TNEF expander (TNEF Expander = internal) works without
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner