Hello to all!
Some time ago I sent this message to the MIMEDefang mailing list.
As this issue seems to be Anomy-related, perhaps somebody on this list
I'm not sure if this is the right place to ask, but perhaps someone
the same problem:
Sometimes our mail server is choking on emails, that is, a mimedefang.pl
eats one CPU completely and after the timeout sendmail gives a 4.71
error. I tracked down the problem to a strange character string which
occurs in HTML-Spam only. I did an ltrace on the hanging process, which
malloc(46) = 0x088a36f8
memcpy(0x088a36f8, "<BFRYTE^3247(^(PO1:KJ)_8J7BJK9^""..., 45) =
__strtol_internal("1", NULL, 10) = 1
memmove(0x089f6430, 0x088a36f8, 45, 0, 0x0885ae70) = 0x089f6430
memmove(0x08c109b8, 0x089f6430, 45, 0x08c411e0, 0x08857470) = 0x08c109b8
malloc(46) = 0x08c10968
memmove(0x08c10968, 0x08c109b8, 45, 2, 0x08c09854) = 0x08c10968
free(0x088a3868) = <void>
ferror(0x08baff80) = 0
_IO_getc(0x08c2e248) = 'EOF'
memmove(0x08c305b0, 0xbfffd6bc, 0, 0x080b29eb, -1) = 0x08c305b0
clearerr(0x08c2e248, 0x08c2e248, 0, 0x080b6dbb, 0x0890f5c8) = 0x08c2e248
and so on. Every time an email contains this "<BFRYTE^3247(^(PO1:KJ)...",
the process goes nuts while trying to sanitize the HTML part with
Anomy. I upgraded Anomy to the new 1.54 release, still the same
problem. Interestingly, if you do a Google groups search for "BFRYTE"
you will get more than 100 hits, which is all this character string,
all at the end of different spam mails.
What's going on here?
-- Tilman Kastner DEVICE/N GmbH firstname.lastname@example.org Ilse-ter-Meer-Weg 7 PGP key available 30449 Hannover, Germany