found this in amavisd.log (i inserted the line breaks for better reading...):
#############################################################################
(!)WARN: Using cpio instead of pax can be a security risk;
please add: $pax='pax'; to amavisd.conf and check that the pax(1) utility
is available on the system!
(!)do_pax_cpio/1: exit 1
(!)Decoding of p003 (tar archive) failed, leaving it unpacked:
do_pax_cpio: exit 1 /usr/bin/cpio: Malformed number 777
\n/usr/bin/cpio: Malformed number 376
\n/usr/bin/cpio: Malformed number 1
\n/usr/bin/cpio: Malformed number 213000
\n/usr/bin/cpio: Malformed number 10450757133
\n/usr/bin/cpio: Malformed number
\n/usr/bin/cpio: Malformed number
\n/usr/bin/cpio: premature end of file at (eval 49) line 1239.
#############################################################################
why can using cpio be a security risk? (i'm using "cpio (GNU cpio) 2.7")
and, if so, which pax version is advisable to choose?
im confused about the current state of tar/pax/cpio merging code or not...
the heirloom toolchest contains pax, cpio and tar - so do the GNU paxutils
(although i don't find an actual download on savannah.gnu.org - just CVS).
which is best to choose?
thanks
MK
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
