Problems with 4.28-2
Rick Cooper
rcooper at DWFORD.COM
Tue Mar 2 15:34:07 GMT 2004
Ok, I ran some test messages with 4.28-7 and when I sent a zip
with a password or bad filename the log showed:
Mar 2 08:58:52 srv2 pop3d: LOGOUT, user=sbox,
ip=[::ffff:xxx.xxx.xxx.xxx], top=0, retr=0
Mar 2 09:00:43 srv2 MailScanner[29720]: New Batch: Scanning 1
messages, 988519 bytes
Mar 2 09:00:43 srv2 MailScanner[29720]: Spam Checks: Starting
Mar 2 09:00:46 srv2 MailScanner[29720]: SpamAssassin returned 0
Mar 2 09:00:48 srv2 MailScanner[29720]: Created attachment dirs
for 1 messages
Mar 2 09:00:48 srv2 MailScanner[29720]: Virus and Content
Scanning: Starting
Mar 2 09:00:48 srv2 MailScanner[29720]: Commencing scanning by
f-prot...
Mar 2 09:00:48 srv2 MailScanner[29720]: Completed scanning by
f-prot
Mar 2 09:00:48 srv2 MailScanner[29720]: Commencing scanning by
clamavmodule...
Mar 2 09:00:48 srv2 MailScanner[29720]: Completed scanning by
clamavmodule
Mar 2 09:00:48 srv2 MailScanner[29720]: Filename Checks:
Windows/DOS Executable (1AyARd-0007mi-Kk 0)
Mar 2 09:00:48 srv2 MailScanner[29720]: Completed checking by
/usr/bin/file
Mar 2 09:00:48 srv2 MailScanner[29720]: Filetype Checks: No
executables (1AyARd-0007mi-Kk 0)
Mar 2 09:00:48 srv2 MailScanner[29720]: Other Checks: Found 2
problems
This would repeat over and over with the same e-mail until I
killed MailScanner. I put it in debug and got:
Debug:
In Debugging mode, not forking...
Unmatched ( in regex; marked by <-- HERE in m/the sender of these
problems anymore ( <-- HERE since we cannot tell legitimate
senders/ at /opt/MailScanner/lib/MailScanner/Message.pm line
1913, <GEN60> line 18.
So I looked in the report and saw it was puking on a sentence
enclosed in (). I looked at Message.pm line 1913 and noted:
$line =~ s/"/\\"/g; # Escape any " characters
$line =~ s/@/\\@/g; # Escape any @ characters
So I removed the ( and ) and it puked on a sentence that was
enclosed by **. I did some other checks and it puked on any regex
reserved character and didn't like words surrounded by quotes
like "To" (it did not puke on them but it complained about them)
. So I commented out the two lines above and added:
$line =~ s/([\(\)\[\]\.\?\*\+\^"'@])/\\$1/g; # Escape any regex
characters
and everything worked fine again. I found I could not escape the
"$" because it blew the eval() below this section. I have used
the same reports for months and have never had this happen
before. Did something change here? I'm confused as to if this
problem has to do with something on this end as I have not seen
other comments about the "Maximum Archive Depth", or this
problem, on the list. Although I guess unless your virus.deleted
or filename.deleted reports contained the same characters [()* or
.*] you wouldn't notice.. come to think about it I recently add
the text that was enclosed parenthetically. Might be something to
look at Julian.
--
Rick Cooper
More information about the MailScanner
mailing list