From 1ff6f4ceba9b56980a1010434e5c3641c4c93048 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Fri, 26 Nov 2004 23:15:42 +0000
Subject: Add big scary warnings to scripts.

---
 scripts/spamassassin.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'scripts/spamassassin.sh')

diff --git a/scripts/spamassassin.sh b/scripts/spamassassin.sh
index 4a6e8fe..9e88f75 100644
--- a/scripts/spamassassin.sh
+++ b/scripts/spamassassin.sh
@@ -14,6 +14,26 @@
 # See proxsmtpd.conf(5) for configuration details
 #
 
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#   WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+#
+#  By using variables passed in from clamsmtpd in file
+#  manipulation commands without escaping their contents
+#  you are opening yourself up to REMOTE COMPROMISE. You
+#  have been warned. Do NOT do the following unless you
+#  want to be screwed big time:
+#
+#  mv $EMAIL "$SENDER.eml"
+#
+#  An attacker can use the above command to compromise your
+#  computer. The only variable that is guaranteed safe in
+#  this regard is $EMAIL.
+#
+#  The following script does not escape its variables
+#  because it only uses them in safe ways.
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
 # Pipe mail through this command
 spamassassin -e
 
-- 
cgit v1.2.3