jkf at ecs.soton.ac.uk
Mon Sep 10 19:59:34 IST 2001
At 18:28 10/09/2001, you wrote:
>Right now I've kludged in a solution which makes tnef abort if any
>expansion would require more than 20 megabytes of memory (since we
>limit the maximum size of our email messages to 20 megabytes we can be
>sure than no genuine TNEF should ever extract to more than this).
>That circumvents the immediate problem on our site.
>If anybody experiences problems with odd winmail.dat files causing
>TNEF to eat up processor and memory out of all proportion to the real
>file sizes and requires the kludge, I'll happily pass it on.
If you could up the limit to 100Mbytes (enough for most sites), and pass it
on to me, I will happily put it in the standard MailScanner distribution
until you get a new version from the original author.
Also, is the problem actually that it runs out of memory, or that it takes
a very long time to run (or both)? If it could be killed after running for,
say, 2 minutes, then the same DoS attack prevention mechanism I am
intending to write for Sophos could be wrapped round the tnef decoder as well.
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner