MK wrote: > found this in amavisd.log (i inserted the line breaks for better reading...): > ############################################################################# > (!)WARN: Using cpio instead of pax can be a security risk; > please add: $pax='pax'; to amavisd.conf and check that the pax(1) utility > is available on the system! > (!)do_pax_cpio/1: exit 1 > (!)Decoding of p003 (tar archive) failed, leaving it unpacked: > do_pax_cpio: exit 1 /usr/bin/cpio: Malformed number 777 > \n/usr/bin/cpio: Malformed number 376 > \n/usr/bin/cpio: Malformed number 1 > \n/usr/bin/cpio: Malformed number 213000 > \n/usr/bin/cpio: Malformed number 10450757133 > \n/usr/bin/cpio: Malformed number > \n/usr/bin/cpio: Malformed number > \n/usr/bin/cpio: premature end of file at (eval 49) line 1239. > #############################################################################
> why can using cpio be a security risk? (i'm using "cpio (GNU cpio) 2.7") > and, if so, which pax version is advisable to choose? > im confused about the current state of tar/pax/cpio merging code or not... > the heirloom toolchest contains pax, cpio and tar - so do the GNU paxutils > (although i don't find an actual download on savannah.gnu.org - just CVS). > which is best to choose? > thanks > MK I personally have no real answers for you on this, but doesn't your distro have 'pax' available where you could simply install the pax package/port/whatever? Gary V ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/