COMMAND

    rzsz

SYSTEMS AFFECTED

    FreeBSD, OpenBSD

PROBLEM

    Recent versions  of the  (shareware) UNIX  rzsz package  from Omen
    Software, available from ftp://ftp.cs.pdx.edu/pub/zmodem/, contain
    the "feature" that if your  version is unregistered, it will  send
    mail to rzsz@omen.com each time you upload and download using  the
    software - rz.c and sz.c contain the following code:

        #ifndef REGISTERED
	        /* Removing or disabling this code without registering is theft */
	        if ((Totfiles > 0) && (!Usevhdrs)) {
		        sprintf(endmsg, "echo Unreg %s %s %ld %ld | mail rzsz@omen.com",
		          Progname, VERSION, Totfiles, Totbytes );
		        system(endmsg);
		        canit();
		        sleep(4);
		        fprintf(stderr, "\n\n\n**** UNREGISTERED COPY *****\r\n");
		        fprintf(stderr, "Please read the License Agreement in rz.doc\r\n");
		        fflush(stderr);
	        }
        #endif

    This change was detected because the FreeBSD ports system uses  an
    MD5 checksum to verify the integrity of downloaded software -  the
    rzsz.zip file  has a  habit of  changing regularly,  and after one
    such change this addition was discovered.

SOLUTION

    The  rzsz  port  has  since  been  removed  from the FreeBSD ports
    collection.  Same with OpenBSD.  You should do the same.