[Mimedefang] strange string in e-mail causes timeouts
Tilman Kastner
kastner at devicen.de
Wed Sep 18 11:11:01 EDT 2002
Hello to all!
I'm not sure if this is the right place to ask, but perhaps someone
else had
the same problem:
Sometimes our mai server is choking on emails, that is a mimedefang.pl
process
eats one CPU completely and after the timeout sendmail gives an 4.71
try again
error. I tracked down the problem to a strange character string which
seems to
occur in HTML-Spam only. I did an ltrace on the hanging process, which
came out
with
malloc(46) = 0x088a36f8
memcpy(0x088a36f8, "<BFRYTE^3247(^(PO1:KJ)_8J7BJK9^""..., 45) =
0x088a36f8
__strtol_internal("1", NULL, 10) = 1
memmove(0x089f6430, 0x088a36f8, 45, 0, 0x0885ae70) = 0x089f6430
memmove(0x08c109b8, 0x089f6430, 45, 0x08c411e0, 0x08857470) = 0x08c109b8
malloc(46) = 0x08c10968
memmove(0x08c10968, 0x08c109b8, 45, 2, 0x08c09854) = 0x08c10968
free(0x088a3868) = <void>
ferror(0x08baff80) = 0
_IO_getc(0x08c2e248) = 'EOF'
memmove(0x08c305b0, 0xbfffd6bc, 0, 0x080b29eb, -1) = 0x08c305b0
clearerr(0x08c2e248, 0x08c2e248, 0, 0x080b6dbb, 0x0890f5c8) = 0x08c2e248
m
and so on. Everytime an email contains this "<BFRYTE^3247(^(PO1:KJ)...",
the process goes nuts while trying to sanitize the HTML part with
Anomy. I upgraded Anomy to the
new 1.54 release, still the same problem. Interestingly, if you do a
Google groups search
for "BFRYTE" you will get more than 100 hits, which is all this
character string, all at the end
of different spam mails.
What's going on here?
Tilman
--
Tilman Kastner DEVICE/N GmbH
kastner at devicen.de Ilse-ter-Meer-Weg 7
PGP key available 30449 Hannover, Germany
More information about the MIMEDefang
mailing list