MailScanner/SA crash (regex limit?) -- Exim issue
ISP List
isp-list at TULSACONNECT.COM
Sat Aug 10 19:00:41 IST 2002
At 06:12 PM 8/10/2002 +0100, you wrote:
>Right, I've found this one.
>
>You must be using Exim, and you had a message (that was spam) with a
>Subject: line which was 45,962 characters long!
>This was too long for a particular regular expression construct in Perl
>(which appears to have a 32,766 character limit for this construct) and so
>Perl died when it was trying to add "{SPAM?}" on the front of the Subject:
>line.
>
>This problem does not affect sendmail users in any way, so they need not
>worry.
>
>It wasn't directly SpamAssassin at all. The current code does indeed cope
>perfectly well with SpamAssassin failures, and will just skip the analysis
>of the message that caused the problem and continue on with the next one.
>
>I have attached a patch to fix this. I have checked the patch on 3.22-10
>and 3.21-1 and the "patch" command happily applies it to either version, so
>you will not have to upgrade your installed version (3.21-1) as well. The
>patch protects Exim users from any variation of this attack, leaving the
>Subject: line alone if it is too long to be safely modified.
>
>So Exim users should apply this patch. I won't immediately make a new
>release for this unless people want me to. If you do want me to, then
>please mail me and I'll do it!
>
>Many thanks for reporting this problem.
..many thanks for taking the time on a Saturday to fix it!
--Mike
More information about the MailScanner
mailing list