found this in amavisd.log (i inserted the line breaks for better reading...): ############################################################################# (!)WARN: Using cpio instead of pax can be a security risk; please add: $pax='pax'; to amavisd.conf and check that the pax(1) utility is available on the system! (!)do_pax_cpio/1: exit 1 (!)Decoding of p003 (tar archive) failed, leaving it unpacked: do_pax_cpio: exit 1 /usr/bin/cpio: Malformed number 777 \n/usr/bin/cpio: Malformed number 376 \n/usr/bin/cpio: Malformed number 1 \n/usr/bin/cpio: Malformed number 213000 \n/usr/bin/cpio: Malformed number 10450757133 \n/usr/bin/cpio: Malformed number \n/usr/bin/cpio: Malformed number \n/usr/bin/cpio: premature end of file at (eval 49) line 1239. #############################################################################
why can using cpio be a security risk? (i'm using "cpio (GNU cpio) 2.7") and, if so, which pax version is advisable to choose? im confused about the current state of tar/pax/cpio merging code or not... the heirloom toolchest contains pax, cpio and tar - so do the GNU paxutils (although i don't find an actual download on savannah.gnu.org - just CVS). which is best to choose? thanks MK ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/