Hanne Moa,

> I've been trying to change the sql backend from mysql to postgresql
> (8.1), the latest hindrance leaves the following in mail.log:
>
> Feb 21 11:13:47 censored amavis[16546]: (16546-01-5) WARN
> save_info_preliminary: Insecure dependency in parameter 1 of
> DBI::db=HASH(0xa678130)->prepare method call while running with -T
> switch at /usr/lib/perl5/DBD/Pg.pm line 277, <GEN21> line 709.
>
> I'm only using postgres to store the "log" now, as a test, but nothing
> is actually logged to it. By switching back to mysql the above types
> of messages disappear.
>
> I'm currently running amavisd-new 2.3.3 (with about ten lines of
> extras), perl 5.8.4, libdbd-pg-perl (DBD::Pg) 1.41.

If I remember well there is a bug in DBD::Pg::last_insert_id()
which does not untaint results from internally generated SELECT.
Don't know if it was fixed since, but later versions of amavisd-new
avoided the problem altogether by not needing last_insert_id any longer.

I'd suggest to first try upgrading DBD::Pg and DBI to their current
version, and if that does not fix it, use amavisd-new-2.4.5, at least
as a test (the config file is upwards compatible, you only have to
replace the file 'amavisd').

Note minor compatibility issues with SQL:

amavisd-new-2.4.4 release notes:

  COMPATIBILITY WITH 2.4.3

  - PostgreSQL quarantining: data type of field quarantine.mail_text
    should be 'bytea' (instead of 'text') to allow storing arbitrary
    octets without associating them with a character set. See below
    for a conversion of an existing database. Similarly with MySQL
    the data type should be 'blob'.

amavisd-new-2.4.2 release notes:

  COMPATIBILITY WITH 2.4.1:

  There are no incompatible changes since 2.4.1, but please notice
  below the fixes to SQL and to LDAP documentation, which may affect you.

  BUG FIXES AND CHANGES since 2.4.1:

  - README.sql PostgreSQL notes: fixed incorrect advice in README.sql
    which suggested to declare a field msgs.time_iso as
    TIMESTAMP WITHOUT TIME ZONE instead of the correct
    TIMESTAMP WITH TIME ZONE. [...]
Some other taint-related issues fixed by later versions of amavisd-new:

amavisd-new-2.4.2 release notes

  - perl taint workaround in lookup_sql() where SQL select clause
    could become tainted; problem reported by Christer Borang;

amavisd-new-2.4.0 release notes

  - require minimal version 1.43 of DBI, working last_insert_id is needed;

  - untaint recip_score_boost when writing a log report entry to SQL;
    'Insecure dependency in parameter 7' could have been reported when
    SQL-based score_sender lookup table is used; reported by Jim Knuth;

Mark

_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
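
The taint behaviour discussed in the reply above, as an added Perl example that is not part of the original message and is not amavisd-new or DBD::Pg code: an id that a driver returns still tainted makes any statement text built from it tainted, and a validated regex capture is the way to clear it. The helper names, the constructed value '42' and the column name 'id' are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for a value a driver returns without untainting it.
# $0 and $^X are tainted under -T; a zero-length substr keeps the taint.
my $TAINT = substr("$0$^X", 0, 0);
sub from_driver { my ($v) = @_; return $v . $TAINT }

# Untaint by validation only: accept the exact shape a row id must have
# and return the regex capture, which perl treats as clean.
sub untaint_id {
    my ($raw) = @_;
    if (defined($raw) && $raw =~ /\A([1-9][0-9]{0,17})\z/) {
        return $1;
    }
    die "refusing to untaint unexpected id value\n";
}

sub flag { return tainted($_[0]) ? 'tainted' : 'clean' }

my $id = from_driver('42');
# Interpolating the id taints the whole statement text, which is the
# "parameter 1" that a taint-checking prepare() refuses.
my $sql = "SELECT time_iso FROM msgs WHERE id = $id";   # column 'id' assumed
print "id from driver : ", flag($id), "\n";
print "statement text : ", flag($sql), "\n";

my $clean_id  = untaint_id($id);
my $clean_sql = "SELECT time_iso FROM msgs WHERE id = $clean_id";
print "validated id   : ", flag($clean_id), "\n";
print "statement text : ", flag($clean_sql), "\n";

# A value of the wrong shape is rejected rather than blindly untainted.
my $ok = eval { untaint_id(from_driver('42abc')); 1 };
print "malformed id   : ", ($ok ? 'accepted' : 'rejected'), "\n";
```

Run it as `perl -T script.pl`; perl refuses a `-T` that appears only on the `#!` line when the script is started through the interpreter.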
