anomy-bugs

strange string in e-mail causes timeouts

From: Tilman Kastner (18472@xyz.molar.is)
Date: Sun 13 Oct 2002 - 15:46:23 GMT


    Hello to all!

    Some time ago I sent this message to the MIMEDefang mailing list. Unfortunately, no one answered.

    As this issue seems to be Anomy-related, perhaps somebody on this list could help?

    I'm not sure if this is the right place to ask, but perhaps someone else had the same problem:

    Sometimes our mail server is choking on emails, that is, a mimedefang.pl process eats one CPU completely and after the timeout sendmail gives a 4.71 try again error. I tracked down the problem to a strange character string which seems to occur in HTML-Spam only. I did an ltrace on the hanging process, which came out with

    malloc(46) = 0x088a36f8
    memcpy(0x088a36f8, "<BFRYTE^3247(^(PO1:KJ)_8J7BJK9^""..., 45) = 0x088a36f8
    __strtol_internal("1", NULL, 10) = 1
    memmove(0x089f6430, 0x088a36f8, 45, 0, 0x0885ae70) = 0x089f6430
    memmove(0x08c109b8, 0x089f6430, 45, 0x08c411e0, 0x08857470) = 0x08c109b8
    malloc(46) = 0x08c10968
    memmove(0x08c10968, 0x08c109b8, 45, 2, 0x08c09854) = 0x08c10968
    free(0x088a3868) = <void>
    ferror(0x08baff80) = 0
    _IO_getc(0x08c2e248) = 'EOF'
    memmove(0x08c305b0, 0xbfffd6bc, 0, 0x080b29eb, -1) = 0x08c305b0
    clearerr(0x08c2e248, 0x08c2e248, 0, 0x080b6dbb, 0x0890f5c8) = 0x08c2e248
    m

    and so on. Every time an email contains this "<BFRYTE^3247(^(PO1:KJ)...", the process goes nuts while trying to sanitize the HTML part with Anomy. I upgraded Anomy to the new 1.54 release, still the same problem. Interestingly, if you do a Google groups search for "BFRYTE" you will get more than 100 hits, which is all this character string, all at the end of different spam mails.

    What's going on here?

    Tilman

    -- 
    Tilman Kastner                 DEVICE/N GmbH
    18472@xyz.molar.is             Ilse-ter-Meer-Weg 7
    PGP key available              30449 Hannover, Germany
    


