On Friday 18 July 2003 13:20 CET Henrik Larsson wrote:
> I know this is properly not a pure Spamassassin issue as you can se
> below, but since all the Spamassasin experts is here, I would take the
> liberty to asking the question anyway.
>
> Please don't flame me to much if this is this is way off topic.
Don't panic, it sin't and it is an SpamAssassin issue :o) The only better
place to report it would have been bugzilla.spamassassin.org.
> But the DCC checks are not running when Amavisd-new is handlig the mail.
> The debug log from Amavis is below:
> -- cut
> debug: DCC is available: /usr/local/dcc/bin/dccproc
> debug: entering helper-app run mode
> debug: leaving helper-app run mode
> DCC -> check failed: Insecure $ENV{PATH} while running with -T switch at
> /usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Dns.pm line 577.
> -- cut
The problem is that older versions of spamassassin aren't taint safe. I'm
not sure if the proper code was already in the 2.5x series, but 2.60
(currently in beta/prerelease state) will be able to run in taint mode.
Which version of SpamAssassin do you run?
Please read 'perldoc perlsec' if you want to know what the taint mode is.
Maybe you can tell amavisd-new somewhere to disable taint mode?
> When i test with "spamassassin --lint -D" with the vscan user it works:
Try 'perl -T spamassassin --lint -D' -- that should fail, too.
Cheers,
Malte
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
