Taint issues on 4.85.2-1

Jason Ede J.Ede at birchenallhowden.co.uk
Thu Apr 23 15:41:11 UTC 2015


Here they are…

/var/spool/MailScanner

drwxr-xr-x   4 root    root    4096 Nov 21 14:49 .
drwxr-xr-x. 15 root    root    4096 Apr  2 10:51 ..
drwxr-x---  17 postfix postfix 4096 Apr 23 16:36 incoming
drwxr-x---  21 postfix apache  4096 Apr 23 09:23 quarantine

I use clamd

Clamd Port = 3310
Clamd Socket = /var/run/clamav/clamd.sock
Clamd Lock File = /var/lock/subsys/clamd
Clamd Use Threads = yes

I don’t think I’ve missed any permissions, but it’s been a while since I’ve set up a MS server.

Jason


From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 April 2015 16:29
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1

0660? 777? And ClamAV settings if you are using that?

-
Jerry Benton
www.mailborder.com



On Apr 23, 2015, at 10:51 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:

They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to.

Jason


From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 April 2015 15:39
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1

Jason,

What do you have your file permissions set at when running? User? Group?
-
Jerry Benton
www.mailborder.com
Sent from my iPhone

On Apr 23, 2015, at 05:57, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:

Further info, when on Explode($batch) then in Message.pm around line 2250 where it does
$entity = eval { $parser->parse($handle) };

Seems to be the offending line.

That’s as far as I can get with it before I get hopelessly lost


From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 23 April 2015 09:55
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1

Ok, looking through the MailScanner.pm file…

When in debug mode it’s complaining around line 1100 when it calls

$batch->Explode($Debug);

That triggers one line containing
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4.

For each message in the batch.


Also around line 1250 where it does
$batch->SignUninfected();
I get
 Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185.

for each message in the batch…

Hopefully that will help narrow it down a bit…

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 23 April 2015 09:13
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1

Hi Jerry,

Did you get the IO::File.pm file? The version of it is 1.14

Will look at it a bit more from here…

It’s the same on my production box and that is ok on an older version of MailScanner.

Jason


From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 21 April 2015 09:17
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1

Emailed you the file directly.

Jason

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 April 2015 09:06
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1

Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm  ?

-
Jerry Benton
www.mailborder.com



On Apr 21, 2015, at 4:04 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:

Hi Jerry,

Here is the top of the file

#

package IO::File;

=head1 NAME

IO::File - supply object methods for filehandles

=head1 SYNOPSIS

    use IO::File;

    $fh = new IO::File;
    if ($fh->open("< file")) {
        print <$fh>;
        $fh->close;
    }

    $fh = new IO::File "> file";
    if (defined $fh) {
        print $fh "bar\n";
        $fh->close;
    }

    $fh = new IO::File "file", "r";
    if (defined $fh) {
        print <$fh>;
        undef $fh;       # automatically closes the file
    }

    $fh = new IO::File "file", O_WRONLY|O_APPEND;
    if (defined $fh) {
        print $fh "corge\n";

        $pos = $fh->getpos;
        $fh->setpos($pos);

        undef $fh;       # automatically closes the file
    }

    autoflush STDOUT 1;

=head1 DESCRIPTION

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 13 April 2015 15:26
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1

I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so.

-
Jerry Benton
www.mailborder.com



On Apr 9, 2015, at 4:22 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:


Installed this version on my development environment on CentOS 6.6 and then ran debug, and I get a load of taint errors

MailScanner --debug


In Debugging mode, not forking...
Trying to setlogsock(unix)
pyzor: check failed: internal error, python traceback seen in response
Building a message batch to scan...
Have a batch of 10 messages.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.


Checked and /usr/sbin/MailScanner has the -U switch in it so it shouldn’t have this issue… Suggestions?

Jason


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner
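
Added example (not part of the original thread and not MailScanner code): a minimal Perl script that reproduces the "Insecure dependency in open while running with -T switch" error raised inside IO::File when a tainted name is opened for writing, and shows the open succeeding once the name is untainted through an allow-list capture. The scratch directory `/tmp`, the file names and the helpers `try_write` and `untaint_name` are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not MailScanner code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use IO::File;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

my $dir = '/tmp';   # assumption: writable scratch directory

# Constructed inputs. Appending a zero-length slice of $^X (tainted under -T)
# taints the string without changing its value, standing in for a name that
# was read from a queue file or message header.
my $taint = substr($^X, 0, 0);
my $name  = 'taint-demo-0001.out' . $taint;
my $bad   = '../taint-demo-escape' . $taint;

# Hypothetical helper: open for writing and report how the attempt ended.
sub try_write {
    my ($path) = @_;
    my $fh = eval { IO::File->new($path, 'w') };
    return "died: $@"     if $@;              # taint violation is a fatal error
    return "failed: $!\n" unless defined $fh; # ordinary open() failure
    $fh->close;
    return "opened\n";
}

# Hypothetical helper: untaint by capturing against an allow-list pattern.
# Only a successful capture ($1) is clean; anything else is refused.
sub untaint_name {
    my ($n) = @_;
    return $n =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/ ? $1 : undef;
}

printf "name tainted:  %s\n", tainted($name) ? 'yes' : 'no';
print  "raw name:      ", try_write("$dir/$name");

my $clean = untaint_name($name) // die "name refused\n";
printf "clean tainted: %s\n", tainted($clean) ? 'yes' : 'no';
print  "clean name:    ", try_write("$dir/$clean");
unlink "$dir/$clean";

print  "bad name:      ", defined untaint_name($bad) ? "accepted\n" : "refused\n";
```

perlrun documents that `-U` downgrades these fatal taint checks to warnings, and that the warnings are only emitted when warnings are enabled.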


