You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2008/08/06 10:39:52 UTC
Re: Perl regex crash on large HTML table under SPAMD - SOLVED
Dominic Germain writes:
> replacing "*" by "{0,30}" fixed my problem! The regex works for small
> tables without crashing spamd childs.
Good to hear it.
> IMO, upgrading to Perl 5.10 on OSX is not recommended... Apple is
> tweeking a lot of stuff and there is always chances that a future OSX
> update will screw up everything.
Yes -- in general, it can be hard work to do that, and there
are still the occasional report of bugs in 5.10; if you can avoid it
for a few more months, do ;)
--j.
> many thanks!
>
>
> Dominic Germain
> ---------------------------------------------
> Administrateur r�seau / Network administrator
> Sogetel
> www.sogetel.net
>
> mailinglists@sogetel.com
>
>
>
> Le 08-08-05 � 15:23, Justin Mason a �crit :
>
> >
> > Dominic Germain writes:
> >> Hi,
> >>
> >> I'm running the following rules in my local rules for a while and it
> >> works flawlessly under RedHat EL 3 (Perl 5.8.0):
> >>
> >> rawbody TABLEOBFU /
> >> <td([^>]|"[^"]*"|'[^']*')*>(<([^>]|"[^"]*"|'[^']*')*>)*[a-z]{1,2}
> >> (<([^>]|"[^"]*"|'[^']*')*>)*<\/td([^>]|"[^"]*"|'[^']*')*>/i
> >>
> >> Recently, we move to Apple Mac OS X 10.5 server with Perl 5.8.8. We
> >> start getting SIGCHLD error and 0/0 scores. I've found that
> >> TABLEOBFU
> >> rule crash if there is a large table (~32k) inside the mail... I was
> >> able to reproduce it under Redhat EL 5 also (Perl 5.8.8) but HTML
> >> must
> >> be 2 times larger (~64k).
> >>
> >> I also try with the following rule I got from the mailing list. Same
> >> problem.
> >>
> >> rawbody TABLEOBFU /
> >> <td([^>]|"[^"]*"|'[^']*')*>(<([^>]|"[^"]*"|'[^']*')*>)*[a-z]{1,2}
> >> (<([^>]|"[^"]*"|'[^']*')*>)*<\/td([^>]|"[^"]*"|'[^']*')*>/i
> >>
> >> It seems to be something related to allocated memory for the spamd
> >> script...
> >>
> >> Anything known about that issue? Is is possible to "skip" a test
> >> according to mail size?
> >
> > The best fix would be to rewrite those rules not to use /*/, to use
> > /{0,n}/ instead, and to use /(?...)/ instead of /(...)/ . You
> > could also
> > upgrade to perl 5.10, which may have this bug fixed iirc; however you
> > would still be vulnerable to another side-effect of that kind of
> > regexp,
> > which is exponential runtime. unlimited quantifiers like + and * are
> > very
> > bad news in SA rules.
> >
> > --j.