Problems with 4.28-2

Rick Cooper rcooper at DWFORD.COM
Tue Mar 2 17:20:31 GMT 2004


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Tuesday, March 02, 2004 11:09 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Problems with 4.28-2
>
>
> Many thanks for letting me know about that one, and
> for writing the fix for
> me. It turns up 1 other time in Message.pm as well
> (look for "Escape any "
> and you will find it).
> Fixed for the next release.
>

Your very welcome and thank you. Next item, are you aware that
the messages sent upon detecting a bad file name or protected zip
are blank and the warnings:

Warning: This message has had one or more attachments removed
Warning: (the entire message).
Warning: Please read the "SystemWarning.txt" attachment(s) for
more information.

Are in the warning attachment instead?

> At 15:34 02/03/2004, you wrote:
> >Ok, I ran some test messages with 4.28-7 and when I sent a zip
> >with a password or bad filename the log showed:
> >
> >Mar  2 08:58:52 srv2 pop3d: LOGOUT, user=sbox,
> >ip=[::ffff:xxx.xxx.xxx.xxx], top=0, retr=0
> >Mar  2 09:00:43 srv2 MailScanner[29720]: New Batch: Scanning 1
> >messages, 988519 bytes
> >Mar  2 09:00:43 srv2 MailScanner[29720]: Spam Checks: Starting
> >Mar  2 09:00:46 srv2 MailScanner[29720]: SpamAssassin
> returned 0
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Created
> attachment dirs
> >for 1 messages
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Virus and Content
> >Scanning: Starting
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Commencing
> scanning by
> >f-prot...
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Completed scanning by
> >f-prot
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Commencing
> scanning by
> >clamavmodule...
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Completed scanning by
> >clamavmodule
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Filename Checks:
> >Windows/DOS Executable (1AyARd-0007mi-Kk 0)
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Completed checking by
> >/usr/bin/file
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Filetype Checks: No
> >executables (1AyARd-0007mi-Kk 0)
> >Mar  2 09:00:48 srv2 MailScanner[29720]: Other Checks: Found 2
> >problems
> >
> >This would repeat over and over with the same e-mail until I
> >killed MailScanner. I put it in debug and got:
> >
> >Debug:
> >In Debugging mode, not forking...
> >Unmatched ( in regex; marked by <-- HERE in m/the
> sender of these
> >problems anymore ( <-- HERE since we cannot tell legitimate
> >senders/ at /opt/MailScanner/lib/MailScanner/Message.pm line
> >1913, <GEN60> line 18.
> >
> >So I looked in the report and saw it was puking on a sentence
> >enclosed in (). I looked at Message.pm line 1913 and noted:
> >
> >     $line =~ s/"/\\"/g; # Escape any " characters
> >     $line =~ s/@/\\@/g; # Escape any @ characters
> >
> >So I removed the ( and ) and it puked on a sentence that was
> >enclosed by **. I did some other checks and it puked
> on any regex
> >reserved character and didn't like words surrounded by quotes
> >like "To" (it did not puke on them but it complained
> about them)
> >. So I commented out the two lines above and added:
> >
> >$line =~ s/([\(\)\[\]\.\?\*\+\^"'@])/\\$1/g; # Escape
> any regex
> >characters
> >
> >and everything worked fine again. I found I could not
> escape the
> >"$" because it blew the eval() below this section. I have used
> >the same reports for months and have never had this happen
> >before. Did something change here? I'm confused as to if this
> >problem has to do with something on this end as I
> have not seen
> >other comments about the "Maximum Archive Depth", or this
> >problem, on the list. Although I guess unless your
> virus.deleted
> >or filename.deleted reports contained the same
> characters [()* or
> >.*] you wouldn't notice.. come to think about it I
> recently add
> >the text that was enclosed parenthetically. Might be
> something to
> >look at Julian.
> >
> >
> >--
> >Rick Cooper
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947
> 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>



More information about the MailScanner mailing list