Problems with 4.28-2

Julian Field mailscanner at ecs.soton.ac.uk
Tue Mar 2 20:48:29 GMT 2004


At 17:20 02/03/2004, you wrote:
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of Julian Field
> > Sent: Tuesday, March 02, 2004 11:09 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Problems with 4.28-2
> >
> >
> > Many thanks for letting me know about that one, and
> > for writing the fix for
> > me. It turns up 1 other time in Message.pm as well
> > (look for "Escape any "
> > and you will find it).
> > Fixed for the next release.
> >
>
>You're very welcome and thank you. Next item, are you aware that
>the messages sent upon detecting a bad file name or protected zip
>are blank and the warnings:
>
>Warning: This message has had one or more attachments removed
>Warning: (the entire message).
>Warning: Please read the "SystemWarning.txt" attachment(s) for
>more information.
>
>Are in the warning attachment instead?

If it finds a protected zip file it knocks out the entire message, not just
the zip file. Known issue.


> > At 15:34 02/03/2004, you wrote:
> > >Ok, I ran some test messages with 4.28-7 and when I sent a zip
> > >with a password or bad filename the log showed:
> > >
> > >Mar  2 08:58:52 srv2 pop3d: LOGOUT, user=sbox, ip=[::ffff:xxx.xxx.xxx.xxx], top=0, retr=0
> > >Mar  2 09:00:43 srv2 MailScanner[29720]: New Batch: Scanning 1 messages, 988519 bytes
> > >Mar  2 09:00:43 srv2 MailScanner[29720]: Spam Checks: Starting
> > >Mar  2 09:00:46 srv2 MailScanner[29720]: SpamAssassin returned 0
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Created attachment dirs for 1 messages
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Virus and Content Scanning: Starting
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Commencing scanning by f-prot...
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Completed scanning by f-prot
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Commencing scanning by clamavmodule...
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Completed scanning by clamavmodule
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Filename Checks: Windows/DOS Executable (1AyARd-0007mi-Kk 0)
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Completed checking by /usr/bin/file
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Filetype Checks: No executables (1AyARd-0007mi-Kk 0)
> > >Mar  2 09:00:48 srv2 MailScanner[29720]: Other Checks: Found 2 problems
> > >
> > >This would repeat over and over with the same e-mail until I
> > >killed MailScanner. I put it in debug and got:
> > >
> > >Debug:
> > >In Debugging mode, not forking...
> > >Unmatched ( in regex; marked by <-- HERE in m/the sender of these problems anymore ( <-- HERE since we cannot tell legitimate senders/ at /opt/MailScanner/lib/MailScanner/Message.pm line 1913, <GEN60> line 18.
> > >
> > >So I looked in the report and saw it was puking on a sentence
> > >enclosed in (). I looked at Message.pm line 1913 and noted:
> > >
> > >     $line =~ s/"/\\"/g; # Escape any " characters
> > >     $line =~ s/@/\\@/g; # Escape any @ characters
> > >
> > >So I removed the ( and ) and it puked on a sentence that was
> > >enclosed by **. I did some other checks and it puked on any regex
> > >reserved character and didn't like words surrounded by quotes
> > >like "To" (it did not puke on them but it complained about them).
> > >So I commented out the two lines above and added:
> > >
> > >$line =~ s/([\(\)\[\]\.\?\*\+\^"'@])/\\$1/g; # Escape any regex characters
> > >
> > >and everything worked fine again. I found I could not escape the
> > >"$" because it blew the eval() below this section. I have used
> > >the same reports for months and have never had this happen
> > >before. Did something change here? I'm confused as to if this
> > >problem has to do with something on this end as I have not seen
> > >other comments about the "Maximum Archive Depth", or this
> > >problem, on the list. Although I guess unless your virus.deleted
> > >or filename.deleted reports contained the same characters [()* or
> > >.*] you wouldn't notice.. come to think about it I recently added
> > >the text that was enclosed parenthetically. Might be something to
> > >look at Julian.
> > >
> > >
> > >--
> > >Rick Cooper
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947
> > 1415 B654

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
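
Added example, not part of the original thread and not MailScanner's code: it compares three ways of using free-form report text inside a Perl pattern (raw, the character-class escape quoted above, and the built-in `quotemeta`). The report lines and the helper names `escape_by_class` and `literal_match` are constructed for illustration, and the example assumes the text is meant to be matched literally.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed report lines (not taken from any real MailScanner report file).
my @report_lines = (
    'problems anymore (since we cannot tell legitimate',   # unbalanced "("
    '** Warning: attachment removed **',                   # leading quantifier
    'Read the "SystemWarning.txt" attachment',             # quotes and dots
    'Fee: $5 | contact admin@example.com',                 # "$" and "|"
);

# The hand-written escape quoted in the thread: only the listed characters.
sub escape_by_class {
    my ($text) = @_;
    (my $out = $text) =~ s/([\(\)\[\]\.\?\*\+\^"'@])/\\$1/g;
    return $out;
}

# Returns 1 if $pattern compiles and matches $text exactly, 0 if it compiles
# but does not match, and undef if the pattern fails to compile.
# (Explicit "return undef" keeps one value per call in list context below.)
sub literal_match {
    my ($pattern, $text) = @_;
    my $re = eval { qr/$pattern/ };
    return undef unless defined $re;
    return $text =~ /\A$re\z/ ? 1 : 0;
}

for my $line (@report_lines) {
    my %result = (
        raw       => literal_match($line, $line),
        class     => literal_match(escape_by_class($line), $line),
        quotemeta => literal_match(quotemeta($line), $line),
    );
    printf "%-52s raw=%s class=%s quotemeta=%s\n", $line,
        map { defined $result{$_} ? $result{$_} : 'compile-error' }
        qw(raw class quotemeta);
}
```

`quotemeta` (or `\Q...\E` inside a pattern) escapes every non-word character, including `$` and `@`, so it belongs on text that is matched literally and not on a string that is later passed through `eval` for variable interpolation.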


