FromTo: not working?

Julian Field mailscanner at ecs.soton.ac.uk
Wed Mar 5 10:33:02 GMT 2003 

At 09:49 05/03/2003, you wrote:
>On Tue, Mar 04, 2003 at 05:43:45PM +0100, Jan-Peter Koopmann wrote:
>
> > > Yes, just haven't had a chance to reply yet.
> > > For some reason, your rules aren't matching, but I can't
> > > obviously see why not. Have you got some space after the
> > > "FromTo:" ?
> >
> > I am attaching the file so you can check yourself, ok?
> > [...]
>
>Although the file looks okay at a first glance, there are a couple of
>things which might or might not confuse MailScanner:
>
>[zlatko at thomas]:~/tmp$ od -t c virus.scanning.rules
>0000000   F   r   o   m   T   o   :  \t   *   @   a   k   c   t   e   c
>0000020   h   .   d   e      \t   y   e   s  \t  \n   F   r   o   m   T
>0000040   o   :  \t   *   @   s   e   c   e   i   d   o   s   .   d   e
>0000060  \t   y   e   s  \n   F   r   o   m   T   o   :  \t   *   @   s
>0000100   e   c   e   i   d   o   s   .   n   e   t  \t   y   e   s  \n
>0000120   F   r   o   m   T   o   :       *   @   s   e   c   e   i   d
>0000140   o   s   .   o   r   g  \t   y   e   s  \n   F   r   o   m   T
>0000160   o   :       *   @   s   e   c   e   i   d   o   s   .   c   o
>0000200   m  \t   y   e   s  \n   F   r   o   m   T   o   :       *   @
>0000220   t   e   l   e   f   o   n   i   a   .   d   e  \t   y   e   s
>0000240  \n   F   r   o   m   T   o   :  \t   d   e   f   a   u   l   t
>0000260  \t  \t   n   o  \n
>0000265
>
>This translates to:
>
>FromTo:<TAB>*@akctech.de<SPACE><TAB>yes<TAB><NL>
>FromTo:<TAB>*@seceidos.de<TAB>yes<NL>
>FromTo:<TAB>*@seceidos.net<TAB>yes<NL>
>FromTo:<SPACE>*@seceidos.org<TAB>yes<NL>
>FromTo:<SPACE>*@seceidos.com<TAB>yes<NL>
>FromTo:<SPACE>*@telefonia.de<TAB>yes<NL>
>FromTo:<TAB>default<TAB><TAB>no

+ a <NL> on the end of the last line.

>A superfluous <SPACE> and <TAB> in line 1, and <SPACE> instead of <TAB> as
>field separators in lines 4, 5 and 6. Julian, how does your rule file parser
>handle this? :-)

The parser does this:
         /^(\S+)\s+(\S+)\s+(.+)$/
which matches when any whitespace is used, so long as there's something
there. If this doesn't match, then a warning is put in the maillog about
the syntax error. So this is working if you don't get a syntax error then
it should have worked.

And why is no-one else hitting this problem? I would expect loads of people
to be complaining if this was really a problem in the code :-(

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list