Insecure dependency @ WorkArea.pm

Julian Field MailScanner at ecs.soton.ac.uk
Thu Feb 11 14:55:02 GMT 2010



On 11/02/2010 14:27, BlaaT 0001 wrote:
> Hello everybody,
>
> I've checked out the change log of the recently released 4.79.11-1
> version and noticed the many changes to solve the "tainted" problems
> when running MailScanner with some Perl versions.
>
> I'm running FreeBSD 8.0 release (no updates) and am still running into
> an "Insecure dependency" on the MailScanner-4.79.11-1 version.
>
> [root at mailscan01 /opt/MailScanner/bin]# ./MailScanner --lint --debug
> Trying to setlogsock(unix)
>
> Reading configuration file /opt/MailScanner/etc/MailScanner.conf
> Reading configuration file /opt/MailScanner/etc/conf.d/README
> Config: calling custom init function MailWatchLogging
>
> Checking version numbers...
> Version number in MailScanner.conf (4.79.11) is correct.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
> MailScanner setting GID to  (125)
> MailScanner setting UID to  (125)
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin reported no errors.
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There are 0 messages in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamd
> ===========================================================================
> Filename Checks: Blocked Filename Detected (1 eicar.com)
> Insecure dependency in unlink while running with -T switch at
> /opt/MailScanner/lib/MailScanner/WorkArea.pm line 295.
>
>
> Is this an error that can be ignored?
>    
Yes, but it's easy to get rid of too. Edit that file, and change line 
295 to be the following little block of code:
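   # Build the full path of the attachment to delete
   my $tmp1 = $this->{dir} . '/' . $message->{id} . '/' . $attach;
   # Untaint it: a value taken from a regex capture ($1) is not tainted
   $tmp1 =~ /(.*)/;
   $tmp1 = $1;
   unlink $tmp1;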

That will get rid of the warning for you. It will be in the next release 
anyway, but I don't know when that will happen.

Jules.
> Cheers.
>
>
>
> [root at mailscan01 /opt/MailScanner/bin]# ./MailScanner --version
> Running on
> FreeBSD abcd.com 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sun Dec  6
> 01:22:01 CET 2009
> root at freebsd80.abcd.com:/usr/obj/usr/src/sys/GENERIC_WITH_CARP  amd64
> This is Perl version 5.008009 (5.8.9)
>
> This is MailScanner version 4.79.11
> Module versions are:
> 1.00    AnyDBM_File
> 1.30    Archive::Zip
> 0.23    bignum
> 1.10    Carp
> 2.015   Compress::Zlib
> 1.119   Convert::BinHex
> 0.17    Convert::TNEF
> 2.121_17        Data::Dumper
> 2.27    Date::Parse
> 1.02    DirHandle
> 1.06    Fcntl
> 2.77    File::Basename
> 2.13    File::Copy
> 2.01    FileHandle
> 2.07_02 File::Path
> 0.22    File::Temp
> 0.92    Filesys::Df
> 3.60    HTML::Entities
> 3.62    HTML::Parser
> 3.57    HTML::TokeParser
> 1.25    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.04    Mail::Header
> 1.89    Math::BigInt
> 0.22    Math::BigRat
> 3.08    MIME::Base64
> 5.427   MIME::Decoder
> 5.427   MIME::Decoder::UU
> 5.427   MIME::Head
> 5.427   MIME::Parser
> 3.08    MIME::QuotedPrint
> 5.427   MIME::Tools
> 0.13    Net::CIDR
> 1.25    Net::IP
> 0.18    OLE::Storage_Lite
> 1.04    Pod::Escapes
> 3.08    Pod::Simple
> 1.15    POSIX
> 1.19    Scalar::Util
> 1.81    Socket
> 2.21    Storable
> 1.4     Sys::Hostname::Long
> 0.27    Sys::Syslog
> 1.40    Test::Pod
> 0.94    Test::Simple
> 1.9719  Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.54    Archive::Tar
> 0.23    bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.817   DB_File
> 1.25    DBD::SQLite
> 1.609   DBI
> 1.15    Digest
> 1.01    Digest::HMAC
> 2.37    Digest::MD5
> 2.12    Digest::SHA1
> 1.01    Encode::Detect
> missing Error
> missing ExtUtils::CBuilder
> 2.19    ExtUtils::ParseXS
> 2.38    Getopt::Long
> missing Inline
> 1.08    IO::String
> 1.10    IO::Zlib
> missing IP::Country
> missing Mail::ClamAV
> 3.002005        Mail::SpamAssassin
> missing Mail::SPF
> missing Mail::SPF::Query
> missing Module::Build
> missing Net::CIDR::Lite
> 0.65    Net::DNS
> missing Net::DNS::Resolver::Programmable
> missing Net::LDAP
> missing NetAddr::IP
> missing Parse::RecDescent
> missing SAVI
> 2.64    Test::Harness
> missing Test::Manifest
> 1.98    Text::Balanced
> 1.40    URI
> missing version
> missing YAML
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
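
The fix in the reply relies on Perl's rule that a value taken from a regex capture is no longer tainted. As an added example (not part of the original post and not MailScanner's code), this script reproduces the "Insecure dependency in unlink" refusal under -T and then untaints through a pattern that accepts only a plain file name. The helper untaint_component, the directory, the message id and the attachment names are all constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not MailScanner code). Run with: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string; appending it marks a constructed sample value
# as tainted, the way an attachment name taken from a message would be.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper: untainted copy of one path component, or undef
# if the value is not a plain file name.
sub untaint_component {
    my ($name) = @_;
    return if !defined $name || $name eq '.' || $name eq '..';
    # The capture is what clears the taint flag, so the pattern is the check.
    # \A and \z anchor the whole string; $ would accept a trailing newline.
    return $name =~ /\A([A-Za-z0-9._-]{1,255})\z/ ? $1 : undef;
}

# unlink dies on a tainted operand before touching the filesystem, so the
# constructed directory below does not need to exist.
sub try_unlink {
    my ($path) = @_;
    return 'unlink permitted' if eval { unlink $path; 1 };
    (my $err = $@) =~ s/ at .*//s;      # drop the "at FILE line N" suffix
    return "refused: $err";
}

my $dir = '/nonexistent/incoming';      # constructed stand-in for $this->{dir}
my $id  = '12345';                      # constructed stand-in for $message->{id}

for my $attach ('eicar.com', '../elsewhere/file.txt', "report.txt\n") {
    my $raw = $attach . $TAINT;         # tainted, like the unlink operand above
    (my $shown = $attach) =~ s/\n/\\n/g;
    my $raw_path = "$dir/$id/$raw";     # taint spreads to the whole path
    printf "%-22s raw (tainted=%d): %s\n", $shown,
        tainted($raw_path) ? 1 : 0, try_unlink($raw_path);
    my $safe = untaint_component($raw);
    printf "%-22s checked: %s\n", $shown,
        defined $safe ? try_unlink("$dir/$id/$safe") : 'rejected by pattern';
}
```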

