amavisd-new & broken mysql

Tom Sommer mail at
Thu Jun 13 10:51:43 CEST 2019

On 2019-06-13 10:17, pali at wrote:

> For more then 2 years people complain about semi-broken support when
> amavisd-new use MySQL database as a storage via DBD::mysql driver.
> See e.g. this ticket:
> In past I tried to fix this problem in DBD::mysql, but due to
> compatibility with legacy DBD::mysql applications, fix had to be
> reverted.

To me, it seems better to fix the problem in Amavisd.

I think the problem is the usage of untaint() in SQL statements, like 

         $partition_tag, $msginfo->mail_id, $msginfo->secret_id,
         $msginfo->log_id, int($msginfo->rx_time), $time_iso,
         untaint($sid), c('policy_bank_path'), 

As far as I can see untaint() forces a string value, which fucks up the 
DBD::mysql driver.
In this example, $sid becomes a string, but the database-schema and 
driver expects a BIGINT?

But I'm really no expert in Perl, so I'm not 100% sure.


More information about the amavis-users mailing list