mailscanner died unexpectedly because of eval in taint mode
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mailscanner (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Binary package hint: mailscanner
After upgrading from jaunty to lucid my mailscanner dies when constructing a warning message.
When launching mailscanner with debug enabled, I get this:
In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Have a batch of 1 message.
Insecure dependency in eval while running with -T switch at /usr/share/
Insecure dependency in eval while running with -T switch at /usr/share/
It is the ConstructWarning sub in /usr/share/
$result = eval "\"$line\"";
As soon as a new infected mail is scanned, mailscanner enters an endless loop - no messages are processed anymore. The instance dies and is being respawned over and over again.
I could work around this problem by adding a '--chuid Debian-exim' parameter to the start-stop-daemon call in /etc/init.d/mailscanner -
start-stop-daemon --start --quiet --nicelevel $run_nice --chuid Debian-exim --exec $DAEMON --name $NAME -- $DAEMON_ARGS \
|| return 2
I could also find more people having the same problem:
http://ubuntuforums.org/showthread.php?t=1313599
http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-jaunty-jackalope
http://www.bluequartz.us/phpBB2/viewtopic.php?t=108939
The problem seems to be that the mailscanner version used in karmic and lucid is not compatible with Perl 5.10.
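An added illustration, not part of the bug report and not MailScanner's code: the script below reproduces the "Insecure dependency in eval" failure for the `eval "\"$line\""` pattern under `-T`, next to an eval-free expansion of the same template. The template text, the `%vars` values and both function names are constructed for this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed template line. Appending a zero-length slice of $^X (tainted
# under -T) marks it tainted, as a line read from a report file would be.
my $line = 'Warning: $filename in message $id was infected' . substr($^X, 0, 0);

# Hypothetical values the template is allowed to reference.
my %vars = (filename => 'invoice.exe', id => 'MSG-0001');

# The pattern from the report: interpolate by string-evaluating the line.
# Under -T Perl refuses to eval tainted text; the block eval traps the die
# that would otherwise terminate the process.
sub expand_with_eval {
    my ($text) = @_;
    my ($filename, $id) = @vars{qw(filename id)};
    my $result = eval { eval "\"$text\"" };
    return $result if defined $result;
    (my $err = $@) =~ s/\s+\z//;
    return "FAILED: $err";
}

# Eval-free alternative: replace only $name placeholders found in a fixed
# table and leave anything else untouched. No template text is ever compiled
# as Perl, so taint mode has nothing to object to.
sub expand_with_table {
    my ($text, $values) = @_;
    $text =~ s/\$(\w+)/exists $values->{$1} ? $values->{$1} : "\$$1"/ge;
    return $text;
}

printf "taint mode: %s, template tainted: %s\n",
    (${^TAINT} ? 'on' : 'off'), (tainted($line) ? 'yes' : 'no');
print 'string eval : ', expand_with_eval($line), "\n";
print 'table lookup: ', expand_with_table($line, \%vars), "\n";
```

Run it as `perl -T example.pl`; without `-T` both expansions succeed, which shows that the failure comes from the taint check and not from the template itself.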