Problems with 4.28-2

Julian Field mailscanner at ecs.soton.ac.uk
Tue Mar 2 16:09:03 GMT 2004 

Many thanks for letting me know about that one, and for writing the fix for
me. It turns up 1 other time in Message.pm as well (look for "Escape any "
and you will find it).
Fixed for the next release.

At 15:34 02/03/2004, you wrote:
>Ok, I ran some test messages with 4.28-7 and when I sent a zip
>with a password or bad filename the log showed:
>
>Mar  2 08:58:52 srv2 pop3d: LOGOUT, user=sbox,
>ip=[::ffff:xxx.xxx.xxx.xxx], top=0, retr=0
>Mar  2 09:00:43 srv2 MailScanner[29720]: New Batch: Scanning 1
>messages, 988519 bytes
>Mar  2 09:00:43 srv2 MailScanner[29720]: Spam Checks: Starting
>Mar  2 09:00:46 srv2 MailScanner[29720]: SpamAssassin returned 0
>Mar  2 09:00:48 srv2 MailScanner[29720]: Created attachment dirs
>for 1 messages
>Mar  2 09:00:48 srv2 MailScanner[29720]: Virus and Content
>Scanning: Starting
>Mar  2 09:00:48 srv2 MailScanner[29720]: Commencing scanning by
>f-prot...
>Mar  2 09:00:48 srv2 MailScanner[29720]: Completed scanning by
>f-prot
>Mar  2 09:00:48 srv2 MailScanner[29720]: Commencing scanning by
>clamavmodule...
>Mar  2 09:00:48 srv2 MailScanner[29720]: Completed scanning by
>clamavmodule
>Mar  2 09:00:48 srv2 MailScanner[29720]: Filename Checks:
>Windows/DOS Executable (1AyARd-0007mi-Kk 0)
>Mar  2 09:00:48 srv2 MailScanner[29720]: Completed checking by
>/usr/bin/file
>Mar  2 09:00:48 srv2 MailScanner[29720]: Filetype Checks: No
>executables (1AyARd-0007mi-Kk 0)
>Mar  2 09:00:48 srv2 MailScanner[29720]: Other Checks: Found 2
>problems
>
>This would repeat over and over with the same e-mail until I
>killed MailScanner. I put it in debug and got:
>
>Debug:
>In Debugging mode, not forking...
>Unmatched ( in regex; marked by <-- HERE in m/the sender of these
>problems anymore ( <-- HERE since we cannot tell legitimate
>senders/ at /opt/MailScanner/lib/MailScanner/Message.pm line
>1913, <GEN60> line 18.
>
>So I looked in the report and saw it was puking on a sentence
>enclosed in (). I looked at Message.pm line 1913 and noted:
>
>     $line =~ s/"/\\"/g; # Escape any " characters
>     $line =~ s/@/\\@/g; # Escape any @ characters
>
>So I removed the ( and ) and it puked on a sentence that was
>enclosed by **. I did some other checks and it puked on any regex
>reserved character and didn't like words surrounded by quotes
>like "To" (it did not puke on them but it complained about them)
>. So I commented out the two lines above and added:
>
>$line =~ s/([\(\)\[\]\.\?\*\+\^"'@])/\\$1/g; # Escape any regex
>characters
>
>and everything worked fine again. I found I could not escape the
>"$" because it blew the eval() below this section. I have used
>the same reports for months and have never had this happen
>before. Did something change here? I'm confused as to if this
>problem has to do with something on this end as I have not seen
>other comments about the "Maximum Archive Depth", or this
>problem, on the list. Although I guess unless your virus.deleted
>or filename.deleted reports contained the same characters [()* or
>.*] you wouldn't notice.. come to think about it I recently add
>the text that was enclosed parenthetically. Might be something to
>look at Julian.
>
>
>--
>Rick Cooper

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list