Re: [Mimedefang] use strict
Anyone care to post a strict version of their filter as an example? :-) -Rich ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use strict
--On Tuesday, April 26, 2005 3:27 PM -0400 Rich West [EMAIL PROTECTED] wrote: Anyone care to post a strict version of their filter as an example? :-) You should be able to add use strict; at the top of the file and then run mimedefang.pl -test. I got a warning for a missing my for $VirusFound in the stock filter, but I haven't updated in awhile so that may be fixed in the latest release. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] use strict
I was thinking of sticking 'use strict;' in my filter in order to make sure that it is written cleanly and is less likely to have bugs (I realise that 'use strict;' is not a panacea). Is this likely to cause any problems with mimedefang.pl? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use strict
On Wed, 2005-04-13 at 16:29 -0700, John Nemeth wrote: I was thinking of sticking 'use strict;' in my filter in order to make sure that it is written cleanly and is less likely to have bugs (I realise that 'use strict;' is not a panacea). Is this likely to cause any problems with mimedefang.pl? Nope. I have use strict and use warnings in my filter. -- Richard Laager [EMAIL PROTECTED] Wikstrom Telecom Internet signature.asc Description: This is a digitally signed message part ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use strict
John: No problems here. I switched to back before August of last year on the main server without issue. Regards, KAM I was thinking of sticking 'use strict;' in my filter in order to make sure that it is written cleanly and is less likely to have bugs (I realise that 'use strict;' is not a panacea). Is this likely to cause any problems with mimedefang.pl? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use strict
--On Wednesday, April 13, 2005 4:29 PM -0700 John Nemeth [EMAIL PROTECTED] wrote: I was thinking of sticking 'use strict;' in my filter in order to make sure that it is written cleanly and is less likely to have bugs (I realise that 'use strict;' is not a panacea). Is this likely to cause any problems with mimedefang.pl? Good question. I just discovered a bug in my filter because I'd failed to escape an @ in a regex (eg. if ($Sender =~ /@mydomain\.com/)). It was matching on every .com domain. (My editor failed to catch it because it wasn't coloring the @mydomain as an interpolated variable, and nothing warned that it was undeclared with my. The next rev of my editor will have that patched.) In addition to use strict, does it make sense to use -wT? (Presumably this would need to be in mimedefang.pl.) Could a hostile sender effect a shell escape in a poorly-written filter? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use strict
Kenneth Porter wrote: In addition to use strict, does it make sense to use -wT? Taint-checking would probably cause lots of problems. (Presumably this would need to be in mimedefang.pl.) Could a hostile sender effect a shell escape in a poorly-written filter? Well, by definition, a poorly-written filter can let a hostile sender do anything. :-) You could write a filter that executes the subjects of incoming e-mails as shell commands if you really wanted to. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use strict
--On Wednesday, April 13, 2005 9:05 PM -0400 David F. Skoll [EMAIL PROTECTED] wrote: Kenneth Porter wrote: In addition to use strict, does it make sense to use -wT? Taint-checking would probably cause lots of problems. I just tested it by adding -wT to mimedefang.pl and the only error I got was the require $Filter. After untainting $Filter I could run mimedefang.pl -test cleanly. If I leave this in, is there some other way it can bite me that won't show up in a -test run? Is taint-checking inherited by the required user script or do I need to specify it again there? (Presumably this would need to be in mimedefang.pl.) Could a hostile sender effect a shell escape in a poorly-written filter? Well, by definition, a poorly-written filter can let a hostile sender do anything. :-) You could write a filter that executes the subjects of incoming e-mails as shell commands if you really wanted to. IncredulousOEUser That would be nifty! /IncredulousOEUser ;) BTW, I added use strict; use warnings; to my filter and it turned up not only my aforementioned bug but a couple more variables missing my declarations (from the stock filter, $FoundVirus in filter_begin). Perhaps you could add these at the top of the stock filter. This shouldn't cause incompatibility since users have to migrate changes manually anyway. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang