grsecurity FormMail protection?!

ok... i think it seens very odd, but I can't think on other thing

what's happening:
I use cpanel, and have those 2 files on /usr/local/cpanel/cgi-sys:

-rwxr-xr-x 1 root wheel 581324 May 19 13:23 FormMail.cgi*
-rwxr-xr-x 1 root wheel 581324 May 12 10:18 TESTFormMail.cgi*

they are... the same!

when I try to use FormMail.cgi as action in a form and submit it, if one field is a textarea and have a linebreak (ENTER), I get error 406!
but if I use the other (TESTFormMail.cgi), it goes well

just to make it more clear:
root@server01 [/usr/local/cpanel/cgi-sys]# diff FormMail.cgi TESTFormMail.cgi
root@server01 [/usr/local/cpanel/cgi-sys]#
so... any ideas?

it seens there's something watching for "/^FormMail/" and making it bug?!

already 1 day trying to figure this out, together with cpanel tech... and got nothing

thanks

PS: I use RH enterprise with kernel 2.4.26 patched with grsecurity

 

 

 

 

Top