> why can using cpio be a security risk? (i'm using "cpio (GNU cpio) 2.7")
cpio can be tricked to decode multiple archive components into the same file, overwriting previous contents, which could help in camouflaging a virus. pax has options which can reduce the problem to large extent (including some other implications of the same), although it still is not perfect for the job. tar is very much nonstandard and limited in formats it supports compared to pax. > if so, which pax version is advisable to choose? If your OS comes with it, it should do (unless it is ancient). Otherwise compile it from source, or use a heirloom version, which is quite good. Mark ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
