David,

> amavis claim Feb 1 14:37:25 rez14 amavis[29857]: (29857-04) (!)custom
> checks error: Insecure dependency in connect while running with -T
> switch at /usr/lib/perl/5.10/IO/Socket.pm line 114 
> How can we fix it?
> 
> in this file we have this
> # cat -n /usr/lib/perl/5.10/IO/Socket.pm|grep 114
> 114 if (!connect($sock, $addr)) {

> I have created a custom hook that parses the last received server IP and
> passes it through GeoIP.
> It seems that the error occurs when the script checks the GeoIP address...
> 
> Could you help me with this?
> This custom hook will request the GeoIP perl library as follows

As far as I can tell the Geo::IP module does not do any network connects,
it works with a local file. Are you sure your custom hook does not invoke
any other code which might try to connect to some local or remote socket?

I played a bit with your code and it doesn't cause any taint failures here.

Anyway, here is my modification to your code - avoids opening the
GeoLiteCity file for each mail message:



use Geo::IP;

sub checks {
  my($self,$conn,$msginfo) = @_;
  if (!exists $self->{geoip}) {  # first time only in a child process
    my $geo_file = "/usr/local/share/GeoIP/GeoLiteCity.dat";
    $self->{geoip} = undef;
    if (!-e $geo_file) {
      do_log(0, "artica-plugin: GeoIP, unable to stat %s", $geo_file);
    } else {
      $self->{geoip} = Geo::IP->open($geo_file, GEOIP_STANDARD);
      do_log(0, "artica-plugin: GeoIP, failed to open %s",
                 $geo_file)  if !$self->{geoip};
    }
  }
  if ($self->{geoip}) {
    my $last_received_ip =
      Amavis::UnmangleSender::parse_ip_address_from_received($msginfo);
    if (defined $last_received_ip && $last_received_ip ne '') {
      my($country_name,$region_name,$city) =
        $self->ScanGeoIP($last_received_ip);
      do_log(2, "artica-plugin: GeoIP, IP: %s, country: %s, region: %s, city: %s",
                $last_received_ip,
                map(defined $_ && $_ ne '' ? $_ : "-",
                    $country_name, $region_name, $city));
    }
  }
}

sub ScanGeoIP($$) {
  my($self,$last_received_ip) = @_;
  my($country_name,$region_name,$city);
  my $record = $self->{geoip}->record_by_addr($last_received_ip);
  if (!$record) {
    do_log(2, "artica-plugin: GeoIP, no record for %s", $last_received_ip);
  } else {
    $country_name = $record->country_name;
    $region_name = $record->region_name;
    $city = $record->city;
  }
  return ($country_name,$region_name,$city);
}


  Mark
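
As background to the error message quoted above, an added example (not code from this thread or from amavisd-new): under -T, connect() dies when its address argument derives from outside data, and gets past the taint check once the value has been validated through regex captures. The helper names, the sample address and the port are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example, not code from this thread. Run with: perl -T taint_connect.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Socket qw(PF_INET SOCK_STREAM inet_aton pack_sockaddr_in);

# Constructed sample input: an address as it might be taken from a mail header.
# Appending a zero-length slice of "$0$^X" taints it, like data from outside.
my $header_ip = '127.0.0.1' . substr("$0$^X", 0, 0);
my $port      = 9;   # constructed; nothing needs to listen there

# Hypothetical helper: return an untainted dotted quad, or undef if malformed.
sub untaint_ipv4 {
  my($ip) = @_;
  return undef  unless defined $ip &&
    $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
  my @octets = ($1, $2, $3, $4);      # regex captures are not tainted
  return undef  if grep { $_ > 255 } @octets;
  return join('.', @octets);
}

# Hypothetical helper: report whether connect() gets past the taint check.
sub try_connect {
  my($ip, $port) = @_;
  socket(my $sock, PF_INET, SOCK_STREAM, 0)  or return "socket failed: $!";
  my $ok = eval {
    connect($sock, pack_sockaddr_in($port, inet_aton($ip)));  # dies if tainted
    1;
  };
  chomp(my $err = $@);
  close($sock);
  return $ok ? "passed the taint check" : "blocked: $err";
}

printf("raw value tainted: %s\n", tainted($header_ip) ? "yes" : "no");
printf("raw value: %s\n", try_connect($header_ip, $port));

my $clean_ip = untaint_ipv4($header_ip);
if (!defined $clean_ip) {
  print "address rejected, not connecting\n";
} else {
  printf("validated value tainted: %s\n", tainted($clean_ip) ? "yes" : "no");
  printf("validated value: %s\n", try_connect($clean_ip, $port));
}
```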
