You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Nick Urbanik <ni...@nicku.org> on 2005/08/15 03:29:32 UTC
spamd[9706]: security: cannot untaint path: "/_"
Dear Folks,
Spamassassin is telling me things like this in the logs:
Aug 15 11:04:36 nicku spamd[9702]: security: cannot untaint path: "/_"
Aug 15 11:04:36 nicku spamd[9702]: razor2 check skipped: No such file or directory Insecure dependency in mkdir while running setuid at /usr/lib/perl5/vendor_perl/5.8.6/Razor2/Client/Config.pm line 265, <GEN4845> line 96.
Aug 15 11:04:36 nicku spamd[9702]: security: cannot untaint path: "/_"
Aug 15 11:04:36 nicku spamd[9702]: security: cannot untaint path: "/_"
Aug 15 11:04:36 nicku dccproc[22573]: continue not asking DCC 6 seconds after failure
Aug 15 11:04:38 nicku spamd[9702]: clean message (0.0/5.0) for nicku:1000 in 2.7 seconds, 4026 bytes.
Aug 15 11:04:38 nicku spamd[9702]: result: . 0 - scantime=2.7,size=4026,mid=<00...@zando.ro>,autolearn=ham
Aug 15 11:04:38 nicku postfix/local[22568]: C2F2C246FE3: to=<ni...@nicku.org>, relay=local, delay=3, status=sent (delivered to command: /usr/bin/procmail)
Aug 15 11:04:38 nicku postfix/qmgr[22497]: C2F2C246FE3: removed
SETUP:
$ spamd --version
SpamAssassin Server version 3.0.4
running on Perl 5.8.6
with SSL support (IO::Socket::SSL 0.97)
$ rpm -q spamassassin
spamassassin-3.0.4-1_26.rhfc4.at
$ rpm -q amavisd-new
amavisd-new-2.3.1-1.1.fc3.rf
$ rpm -q clamav
clamav-0.86.2-13.rhfc4.at
$ rpm -q fedora-release
fedora-release-4-2_3.rhfc4.at
$ uname -r
2.6.12-1.1398_FC4smp
$ arch
i686
$ rpm -q mailman
mailman-2.1.5-35.fc4
$ rpm -q postfix
postfix-2.2.2-2
$ rpm -q procmail
procmail-3.22-16
$ grep procmail /etc/postfix/main.cf
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command = /usr/bin/procmail
EXCERPT from ~nicku/.procmail.rc:
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc
:0:
* ^X-Spam-Status: Yes
probably-spam
$ cat /etc/procmailrc
INCLUDERC=/home/nicku/.procmailrc
QUESTIONS:
Where is this path "/_" coming from?
Any suggestions relating to this setup or possible sources of the problem?
--
Nick Urbanik RHCE http://nicku.org nicku(at)nicku.org
Proud ex-member of Dept. of Information & Communications Technology in
Hong Kong IVE (Tsing Yi), Home of Visual Paradigm: Jolt Productivity
Award winner, programmed by ICT's own graduates!
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
Re: spamd[9706]: security: cannot untaint path: "/_"
Posted by jdow <jd...@earthlink.net>.
Blast away. Paul Howarth posted this gem to take care of the dependancy
issue and allow Evolution to update properly.
I had to install quite a few dependancies to get it working. And you
probably want to review the contents of /etc/mail/spamassassin/local.cf.
That will need fixing, I am sure.
{^_^}
Re: spamd[9706]: security: cannot untaint path: "/_"
Posted by Nick Urbanik <ni...@nicku.org>.
On Sun, Aug 14, 2005 at 07:34:19PM -0700, jdow wrote:
> Close to what I am running. I gave up on FC4's SpamAssassin. (It needs
> some serious help.) I nuked it. I installed SpamAssassin via CPAN. That
> works - one I installed all the things FC4 was missing and used a good
> configuration rather than FC4's. Save the /etc/rc.d/init.d/spamassassin
> file, though. It's useful.
> {^_^}
Well, that didn't solve it, though I didn't blast away the entire
package, as I don't want to mess up the dependencies for yum update.
Thank you for the suggestion.
--
Nick Urbanik RHCE http://nicku.org nicku(at)nicku.org
Proud ex-member of Dept. of Information & Communications Technology in
Hong Kong IVE (Tsing Yi), Home of Visual Paradigm: Jolt Productivity
Award winner, programmed by ICT's own graduates!
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
Re: spamd[9706]: security: cannot untaint path: "/_"
Posted by jdow <jd...@earthlink.net>.
Close to what I am running. I gave up on FC4's SpamAssassin. (It needs
some serious help.) I nuked it. I installed SpamAssassin via CPAN. That
works - one I installed all the things FC4 was missing and used a good
configuration rather than FC4's. Save the /etc/rc.d/init.d/spamassassin
file, though. It's useful.
{^_^}
Re: spamd[9706]: security: cannot untaint path: "/_"
Posted by Nick Urbanik <ni...@nicku.org>.
Hello,
On Sun, Aug 14, 2005 at 09:23:42PM -0700, Loren Wilton wrote:
> > Where is this path "/_" coming from?
>
> My guess is that you have a broken line in local.cf or the like. I would
> look for directory or path specifications for Razor and see if you maybe
> ended up with a line-wrapped line someplace.
Thank you. not found in local.cf, but I will carefully search the
other configuration files. Thank you for your thoughtful help.
--
Nick Urbanik RHCE http://nicku.org nicku(at)nicku.org
Proud ex-member of Dept. of Information & Communications Technology in
Hong Kong IVE (Tsing Yi), Home of Visual Paradigm: Jolt Productivity
Award winner, programmed by ICT's own graduates!
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
Re: spamd[9706]: security: cannot untaint path: "/_"
Posted by Loren Wilton <lw...@earthlink.net>.
> Where is this path "/_" coming from?
My guess is that you have a broken line in local.cf or the like. I would
look for directory or path specifications for Razor and see if you maybe
ended up with a line-wrapped line someplace.
Loren