David, > amavis claim Feb 1 14:37:25 rez14 amavis[29857]: (29857-04) (!)custom > checks error: Insecure dependency in connect while running with -T > switch at /usr/lib/perl/5.10/IO/Socket.pm line 114 > How can we fix it ? > > in this file we have this > # cat -n /usr/lib/perl/5.10/IO/Socket.pm|grep 114 > 114 if (!connect($sock, $addr)) {
> I have created a custom hook that parse the last received server IP and > pass it trough GEOIP > It seems that error is occurred when the scriptt check GeOIP address... > > Could help me on this > this custom hook will request GeoIP perl library has follow As far as I can tell the Geo::IP module does not do any network connects, it works with a local file. Are you sure your custom hook does not invoke any other code which might try to connect to some local or remote socket? I played a bit with your code and it doesn't cause any taint failures here. Anyway, here is my modification to your code - avoids opening the GeoLiteCity file for each mail message: use Geo::IP; sub checks { my($self,$conn,$msginfo) = @_; if (!exists $self->{geoip}) { # first time only in a child process my $geo_file = "/usr/local/share/GeoIP/GeoLiteCity.dat"; $self->{geoip} = undef; if (!-e $geo_file) { do_log(0, "artica-plugin: GeoIP, unable to stat %s", $geo_file); } else { $self->{geoip} = Geo::IP->open($geo_file, GEOIP_STANDARD); do_log(0, "artica-plugin: GeoIP, failed to open %s", $geo_file) if !$self->{geoip}; } } if ($self->{geoip}) { my $last_received_ip = Amavis::UnmangleSender::parse_ip_address_from_received($msginfo); if (defined $last_received_ip && $last_received_ip ne '') { my($country_name,$region_name,$city) = $self->ScanGeoIP($last_received_ip); do_log(2, "artica-plugin: GeoIP, IP: %s, country: %s, region: %s, city: %s", $last_received_ip, map(defined $_ && $_ ne '' ? $_ : "-", $country_name, $region_name, $city)); } } } sub ScanGeoIP($$) { my($self,$last_received_ip) = @_; my($country_name,$region_name,$city); my $record = $self->{geoip}->record_by_addr($last_received_ip); if (!$record) { do_log(2, "artica-plugin: GeoIP, no record for %s", $last_received_ip); } else { $country_name = $record->country_name; $region_name = $record->region_name; $city = $record->city; } return ($country_name,$region_name,$city); } Mark ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org