Taint issues on 4.85.2-1
Jason Ede
J.Ede at birchenallhowden.co.uk
Thu Apr 23 17:01:58 UTC 2015
From enabling the debug logging in the code…
Exploding message E1402120A37.A5B3C into /var/spool/MailScanner/incoming/4672/E1402120A37.A5B3C
This means it’s permissions on my incoming folder that are wrong, but they look ok both at filesystem level and in conf file.
Jason
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 23 April 2015 16:58
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1
Incoming Work Permissions = 0644
Quarantine Permissions = 0660
I can see it might be permissions, but it’s working out which permission is not right. I’m comparing it against a working system and still can’t spot it…
The User is postfix in the conf file too.
Jason
--
Dr Jason Ede
Development Manager, BirchenallHowden Ltd
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 April 2015 16:48
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1
In your MailScanner.conf there are permission and user settings.
In short, it is complaining for some reason, and it is probably insecure permissions. I have run the latest MS on every OS supported by MailScanner and have not seen this issue. So the only thing I can come up with right now is a permissions issue in your settings or on your file system.
-
Jerry Benton
www.mailborder.com
On Apr 23, 2015, at 11:41 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
Here they are…
/var/spool/MailScanner
drwxr-xr-x 4 root root 4096 Nov 21 14:49 .
drwxr-xr-x. 15 root root 4096 Apr 2 10:51 ..
drwxr-x--- 17 postfix postfix 4096 Apr 23 16:36 incoming
drwxr-x--- 21 postfix apache 4096 Apr 23 09:23 quarantine
I use clamd
Clamd Port = 3310
Clamd Socket = /var/run/clamav/clamd.sock
Clamd Lock File = /var/lock/subsys/clamd
Clamd Use Threads = yes
I don’t think I’ve missed any permissions, but it’s been a while since I’ve set up a MS server.
Jason
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 April 2015 16:29
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1
0660? 777? And ClamAV settings if you are using that?
-
Jerry Benton
www.mailborder.com
On Apr 23, 2015, at 10:51 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
They’re set to postfix and postfix. As far as I can see this user has read/write access where it needs to.
Jason
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 April 2015 15:39
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1
Jason,
what do you have your file permissions set at when running? user? group?
-
Jerry Benton
www.mailborder.com
Sent from my iPhone
On Apr 23, 2015, at 05:57, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
Further info, when on Explode($batch) then in Message.pm around line 2250 where it does
$entity = eval { $parser->parse($handle) };
Seems to be the offending line.
That’s as far as I can get with it before I get hopelessly lost
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 23 April 2015 09:55
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1
Ok, looking through the MailScanner.pm file…
When in debug mode it’s complaining around line 1100 when it calls
$batch->Explode($Debug);
That triggers one line containing
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4.
For each message in the batch.
Also around line 1250 where it does
$batch->SignUninfected();
I get
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185.
for each message in the batch…
Hopefully that will help narrow it down a bit…
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 23 April 2015 09:13
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1
Hi Jerry,
Did you get the IO::File.pm file? The version of it is 1.14
Will look at it a bit more from here…
It’s the same on my production box and that is ok on an older version of MailScanner.
Jason
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 21 April 2015 09:17
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1
Emailed you the file directly.
Jason
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 April 2015 09:06
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1
Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ?
-
Jerry Benton
www.mailborder.com
On Apr 21, 2015, at 4:04 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
Hi Jerry,
Here is the top of the file
#
package IO::File;
=head1 NAME
IO::File - supply object methods for filehandles
=head1 SYNOPSIS
    use IO::File;
    $fh = new IO::File;
    if ($fh->open("< file")) {
        print <$fh>;
        $fh->close;
    }
    $fh = new IO::File "> file";
    if (defined $fh) {
        print $fh "bar\n";
        $fh->close;
    }
    $fh = new IO::File "file", "r";
    if (defined $fh) {
        print <$fh>;
        undef $fh; # automatically closes the file
    }
    $fh = new IO::File "file", O_WRONLY|O_APPEND;
    if (defined $fh) {
        print $fh "corge\n";
        $pos = $fh->getpos;
        $fh->setpos($pos);
        undef $fh; # automatically closes the file
    }
    autoflush STDOUT 1;
=head1 DESCRIPTION
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 13 April 2015 15:26
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1
I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so.
-
Jerry Benton
www.mailborder.com
On Apr 9, 2015, at 4:22 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
Installed this version on my development environment on CentOS 6.6 and then run debug and I get a load of taint errors
MailScanner --debug
In Debugging mode, not forking...
Trying to setlogsock(unix)
pyzor: check failed: internal error, python traceback seen in response
Building a message batch to scan...
Have a batch of 10 messages.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Checked and /usr/sbin/MailScanner has the -U switch in it so it shouldn’t have this issue… Suggestions?
Jason
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner
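As an added illustration (not part of the thread and not MailScanner code), the script below reproduces the class of error quoted above: under `-T`, Perl refuses a write-mode open whose filename contains data that came from outside the program, and accepts it once the value has been validated through a regex capture. The scratch directory, the queue-list file and the ID pattern (modelled on the queue ID shown in the thread) are constructed assumptions, and the script does not diagnose the poster's system.

```perl
#!/usr/bin/perl -T
# Added illustration, not MailScanner code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use IO::File;
use Scalar::Util qw(tainted);

die "run with -T\n" unless ${^TAINT};

my $spool = "/tmp/taint-demo-$$";        # constructed scratch directory
mkdir $spool, 0750 or die "mkdir $spool: $!";

# Constructed queue listing. Anything read back from a file is tainted.
my $list = "$spool/queue.list";
{
    my $out = IO::File->new($list, 'w') or die "open $list: $!";
    print {$out} "E1402120A37.A5B3C\n../outside\n";
}
my $in = IO::File->new($list, 'r') or die "open $list: $!";
chomp(my @ids = <$in>);
$in->close;

for my $id (@ids) {
    printf "%-18s tainted=%d\n", $id, tainted($id) ? 1 : 0;

    # 1) A tainted value in a write-mode open makes Perl die under -T.
    my $fh = eval { IO::File->new("$spool/$id.work", 'w') };
    print '  raw open:   ', ($fh ? "ok\n" : "refused: $@");

    # 2) Validate against a strict pattern; only the capture is untainted.
    #    Pattern is an assumption modelled on the ID shown in the thread.
    if ($id =~ /\A([0-9A-F]{6,20}\.[0-9A-F]{5})\z/) {
        my $clean = $1;
        my $ok = IO::File->new("$spool/$clean.work", 'w')
            or die "open $spool/$clean.work: $!";
        print "  clean open: ok\n";
        $ok->close;
        unlink "$spool/$clean.work";
    }
    else {
        print "  rejected: not a well-formed queue ID\n";
    }
}
unlink $list;
rmdir $spool;
```

Taint mode does not check read-only opens of a tainted name, which is why the demonstration uses write-mode opens.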