MailScanner/SA crash (regex limit?) -- Exim issue

Julian Field mailscanner at ecs.soton.ac.uk
Sat Aug 10 18:12:41 IST 2002


Right, I've found this one.

You must be using Exim, and you had a message (that was spam) with a
Subject: line which was 45,962 characters long!
This was too long for a particular regular expression construct in Perl
(which appears to have a 32,766 character limit for this construct) and so
Perl died when it was trying to add "{SPAM?}" on the front of the Subject:
line.

This problem does not affect sendmail users in any way, so they need not worry.

It wasn't directly SpamAssassin at all. The current code does indeed cope
perfectly well with SpamAssassin failures, and will just skip the analysis
of the message that caused the problem and continue on with the next one.

I have attached a patch to fix this. I have checked the patch on 3.22-10
and 3.21-1 and the "patch" command happily applies it to either version, so
you will not have to upgrade your installed version (3.21-1) as well. The
patch protects Exim users from any variation of this attack, leaving the
Subject: line alone if it is too long to be safely modified.

So Exim users should apply this patch. I won't immediately make a new
release for this unless people want me to. If you do want me to, then
please mail me and I'll do it!

Many thanks for reporting this problem.

At 14:57 10/08/2002, you wrote:
>Had my first MailScanner problem in quite a while this morning (well, it
>isn't really MailScanner, I suspect it is SpamAssassin, or rather some Perl
>limitation).  Error is as follows:
>
>Quantifier in {,} bigger than 32766 before HERE mark in regex m/^45962\ \
>Subject: (.{ << HERE 45953})/
>
>MailScanner would croak after the above error, and ~7,000 messages backed
>up in the few hours it was looping with this error.  I turned off
>SpamAssassin checking, and things went through OK.  Suggestions as to ways
>to prevent this from occuring in the future?  Why would MailScanner not
>just bypass the message causing it to croak and move on to the next one?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3.22-10.mta-specific.pl.patch
Type: application/octet-stream
Size: 1363 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020810/73b5ea75/3.22-10.mta-specific.pl.obj
-------------- next part --------------
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ


More information about the MailScanner mailing list