You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2020/03/29 16:29:27 UTC

[Bug 7804] New: zoom: able to use 390/391 'body_0' compiled rules (99.744%)

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

            Bug ID: 7804
           Summary: zoom: able to use 390/391 'body_0' compiled rules
                    (99.744%)
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: frodo@morgul.net
  Target Milestone: Undefined

Forwarded from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951375

It seems that the GB_WP_FILELINK rule does not properly compile.  Notable
details from the Debian bug report:

spamassassin -D reports the following:

Feb 16 06:16:10.258 [4799] dbg: zoom: loading compiled ruleset from
/var/lib/spamassassin/compiled/5.030/3.004004
Feb 16 06:16:10.259 [4799] dbg: zoom: using compiled ruleset in
/var/lib/spamassassin/compiled/5.030/3.004004/Mail/SpamAssassin/CompiledRegexps/body_0.pm
for Mail::SpamAssassin::CompiledRegexps::body_0
Feb 16 06:16:10.260 [4799] dbg: zoom: skipping rule GB_WP_FILELINK, code
differs in compiled ruleset '[hash]file_links\["C\:\\w+\.txt'
'[hash]file_links\["C\:\\\w+\.txt'
Feb 16 06:16:10.261 [4799] dbg: zoom: able to use 371/372 'body_0' compiled
rules (99.731%)

So the problem appears related to the GB_WP_FILELINK rule.  That rule
looks like:

body     GB_WP_FILELINK  /\#file_links\["C\:\\\w+\.txt/
describe GB_WP_FILELINK  try to abuse file_links uris in Wordpress emails
#score    GB_WP_FILELINK  2.0 # limit
tflags   GB_WP_FILELINK  publish

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

Giovanni Bechis <gi...@paclan.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |giovanni@paclan.it
          Component|Rules                       |sa-compile

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

--- Comment #2 from Giovanni Bechis <gi...@paclan.it> ---
This test rule triggers the same bug in sa-compile as well:

body TEST4 /foobar[\\\/]foobar/

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

--- Comment #1 from Giovanni Bechis <gi...@paclan.it> ---
I think the rule triggers a bug in sa-compile, spamassassin --lint does not
give any warning.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

Noah Meyerhans <fr...@morgul.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |frodo@morgul.net

--- Comment #5 from Noah Meyerhans <fr...@morgul.net> ---
Giving that compiling rules is intended as a performance
optimization/efficiency improvement, what is the impact of dropping from 100%
compiled rules to <100%? Has this been quantified?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

--- Comment #4 from Giovanni Bechis <gi...@paclan.it> ---
I re-enabled the rule, as for fixing the bug I tried a bit but I only became
more convinced to give up on maintaining sa-compile and friends in 4.0.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

Henrik Krohns <ap...@hege.li> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #7 from Henrik Krohns <ap...@hege.li> ---
Closing as stale. Doubtful anyone will fix it.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

--- Comment #6 from Henrik Krohns <ap...@hege.li> ---
(In reply to Noah Meyerhans from comment #5)
> Giving that compiling rules is intended as a performance
> optimization/efficiency improvement, what is the impact of dropping from
> 100% compiled rules to <100%? Has this been quantified?

It makes no practical difference. Compiling all or nothing give a small speed
boost with less memory usage, can be useful if one uses many custom static
rules. I've never bothered using it, just complicates things with all the
possible bugs like this and previous utf-8 stuff etc.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules (99.744%)

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804

Henrik Krohns <ap...@hege.li> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |apache@hege.li

--- Comment #3 from Henrik Krohns <ap...@hege.li> ---

The "bug" is in BodyRuleBaseExtractor.pm / fixup_re() function which doesn't
handle multiple backslashes properly. Regex strings should not be tried to
parse with regexes and eval functions, just look at all the past
vulnerabilities.

Then again, there is nothing broken here. It simply skips the mismatched rule,
which will be used in normal way. So this does not mean that GB_WP_FILELINK
rule is not working - there is no reason to comment it out from stock rules.
Even the "able to use" message is a normal debug line that noone sees unless
debug is enabled.

I'm inclined to close this, but might as well leave it open if someone has
stamina to tackle the code without breaking something. Personally I would just
ditch the whole sa-compile ecosystem in 4.0 as unmaintenable mess.

-- 
You are receiving this mail because:
You are the assignee for the bug.