MailScanner/SA crash (regex limit?)

ISP List isp-list at TULSACONNECT.COM
Sat Aug 10 17:15:42 IST 2002 

>There may be a log message
>starting with "SpamAssassin failed with real error:". Did you get that log
>message?

Nope.


>What version were you running?

3.21

>What were the last things that MailScanner logged?

Nothing useful - the error message was output to the console, and not to
syslog anywhere.

Aug 10 01:00:01 mx10 mailscanner[72413]: MailScanner E-Mail Virus Scanner
version 3.21 starting.
Aug 10 01:00:01 mx10 mailscanner[72413]: Configuring mailscanner for Exim
mailer...
Aug 10 01:00:01 mx10 mailscanner[72413]: Using locktype = posix
Aug 10 01:00:01 mx10 mailscanner[72413]: Creating hardcoded struct_flock
subroutine for freebsd (BSD-type)
Aug 10 01:00:02 mx10 mailscanner[72417]: Startup: found 3839 messages waiting
Aug 10 01:00:02 mx10 mailscanner[72417]: Startup: removed 2 duplicated
files from outgoing queue
Aug 10 01:00:02 mx10 mailscanner[72417]: Scanning 20 messages, 1146127 bytes
Aug 10 01:00:15 mx10 mailscanner[72417]: Possible malicious batch file
script in Jul  3.bat
Aug 10 01:00:15 mx10 mailscanner[72417]: Possible virus hidden in a
screensaver in http.scr
Aug 10 01:00:15 mx10 mailscanner[72417]: Found 5 viruses in messages
17dItX-000G8R-00,17dIta-000G8t-00,17dIsU-000G8E-00
Aug 10 01:00:15 mx10 mailscanner[72417]: Scanned 20 messages, 1146127 bytes
in 2 seconds

Aug 10 01:15:00 mx10 mailscanner[72791]: MailScanner E-Mail Virus Scanner
version 3.21 starting.
Aug 10 01:15:00 mx10 mailscanner[72791]: Configuring mailscanner for Exim
mailer...
Aug 10 01:15:00 mx10 mailscanner[72791]: Using locktype = posix
Aug 10 01:15:00 mx10 mailscanner[72791]: Creating hardcoded struct_flock
subroutine for freebsd (BSD-type)
Aug 10 01:15:01 mx10 mailscanner[72796]: Startup: found 3966 messages waiting
Aug 10 01:15:01 mx10 mailscanner[72796]: Startup: removed 2 duplicated
files from outgoing queue
Aug 10 01:15:01 mx10 mailscanner[72796]: Scanning 20 messages, 1146127 bytes
Aug 10 01:15:13 mx10 mailscanner[72796]: Possible malicious batch file
script in Jul  3.bat
Aug 10 01:15:13 mx10 mailscanner[72796]: Possible virus hidden in a
screensaver in http.scr
Aug 10 01:15:13 mx10 mailscanner[72796]: Found 5 viruses in messages
17dItX-000G8R-00,17dIta-000G8t-00,17dIsU-000G8E-00
Aug 10 01:15:13 mx10 mailscanner[72796]: Scanned 20 messages, 1146127 bytes
in 1 seconds

(did the above over and over as it restarted itself after 15 minutes via my
cron job)

>Is there any chance of a copy of the message that caused the error please?

Unfortunately not :(

>I will obviously only use it for testing the code to get this problem
>fixed, and I will keep it entirely confidential.
>
>I've never been able to crash SpamAssassin in this way, making it a little
>difficult to test!

The problem can be reproduced from a Perl-perspective by issuing:

perl -ce '/(a|bb){123456}/'

--Mike

More information about the MailScanner mailing list