John Rudd wrote: > Török Edwin wrote: >> [EMAIL PROTECTED] wrote: >>> Bas van Rooijen wrote: >>> >>>> Thanks for the replies so far; >>>> >>>> however please note I already know the problem is ClamAV (hence i'm >>>> writing to this list..) >>>> >>>> Is there anyone who can answer my actual questions? >>>> >>>> >>> Comment out the check in the source and recompile? >> That check was added to prevent an exploit when run in black-hole mode.
does this mean you can still exploit these by using other meta characters? like < and > ? wouldn't it make more sense to properly escape the recipient where it is actually passed to sendmail? > > Then maybe it should only be active when run in black-hole mode? (maybe > it is, I don't know if that applies to the OP). > > At the very least, shouldn't it have a config switch? _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html