Taint problem calling Archive::Zip?

John Wilcock john at tradoc.fr
Mon Nov 15 12:23:23 GMT 2010

Since upgrading from Perl 5.8.8 to 5.12.2 on my gentoo box, I've had 
several instances of messages "attempting to kill" MailScanner, with 
.docx (or other similar zip-container format) files as attachments.

Running in debug mode gives the following error:

Insecure dependency in chmod while running with -T switch at 
/usr/lib64/perl5/vendor_perl/5.12.2/Archive/Zip/Member.pm line 490

This is with MailScanner 4.81.4, Archive::Zip 1.30. I haven't yet tried 
with MS 4.82 beta or the developer release of Archive::Zip 1.31_01, but 
don't see anything in the changelogs that suggests they would help.

Any ideas? (other than setting Maximum Archive Depth = 0, which does 
seem to be an effective if less-than-satisfactory workaround)


-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

More information about the MailScanner mailing list