David,
> On ubuntu 10.10 we encounter now this error since some perl lib updates
Which version or amavisd? Do you happen to know which perl modules
were updated?
> amavis claim Feb 1 14:37:25 rez14 amavis[29857]: (29857-04) (!)custom
> checks error: Insecure dependency in connect while running with -T
> switch at /usr/lib/perl/5.10/IO/Socket.pm line 114
What is that custom hook doing (a method checks() in custom hooks).
> How can we fix it ?
>
> in this file we have this
>
> # cat -n /usr/lib/perl/5.10/IO/Socket.pm|grep 114
> 114 if (!connect($sock, $addr)) {
Probably the $addr is tainted. Where does it come from?
If you know it is safe to use (do some test before, just in case),
you may untaint it by calling Amavis::Util::untaint, e.g.:
if (!connect($sock, Amavis::Util::untaint($addr))) {
Mark
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot
org
