Disclaimer variables passed from amavis to altermime.

Zhang Huangbin zhbmaillistonly at gmail.com
Mon Jul 2 03:20:08 CEST 2012

On Monday, July 2, 2012 at 4:20 AM, Mark Martinec wrote:

> If you know that the invoked altermime or its lookalike script

> will not be fooled by an untrusted command line argument,
> a hack could be to replace:
> $disclaimer_options = $opt;
> by:
> $disclaimer_options = untaint($opt);
> in sub prepare_modified_mail, file amavisd.

Will this replacement (untaint($opt)) the default one in next release?
Or we have to modify it manually every time?

Zhang Huangbin

iRedMail: Open Source Mail Server Solution for Red Hat Enterprise Linux,
CentOS, Scientific Linux, Debian, Ubuntu, Mint, Gentoo, openSUSE,
FreeBSD, OpenBSD: http://www.iredmail.org/

More information about the amavis-users mailing list