[Mimedefang] strange string in e-mail causes timeouts

Tilman Kastner kastner at devicen.de
Wed Sep 18 11:11:01 EDT 2002


Hello to all!

I'm not sure if this is the right place to ask, but perhaps someone else
had the same problem:

Sometimes our mail server is choking on emails, that is a mimedefang.pl
process eats one CPU completely and after the timeout sendmail gives a
4.71 try again error. I tracked down the problem to a strange character
string which seems to occur in HTML-Spam only. I did an ltrace on the
hanging process, which came out with

malloc(46)                                        = 0x088a36f8
memcpy(0x088a36f8, "<BFRYTE^3247(^(PO1:KJ)_8J7BJK9^""..., 45) = 0x088a36f8
__strtol_internal("1", NULL, 10)                  = 1
memmove(0x089f6430, 0x088a36f8, 45, 0, 0x0885ae70) = 0x089f6430
memmove(0x08c109b8, 0x089f6430, 45, 0x08c411e0, 0x08857470) = 0x08c109b8
malloc(46)                                        = 0x08c10968
memmove(0x08c10968, 0x08c109b8, 45, 2, 0x08c09854) = 0x08c10968
free(0x088a3868)                                  = <void>
ferror(0x08baff80)                                = 0
_IO_getc(0x08c2e248)                              = 'EOF'
memmove(0x08c305b0, 0xbfffd6bc, 0, 0x080b29eb, -1) = 0x08c305b0
clearerr(0x08c2e248, 0x08c2e248, 0, 0x080b6dbb, 0x0890f5c8) = 0x08c2e248
m

and so on. Every time an email contains this "<BFRYTE^3247(^(PO1:KJ)...",
the process goes nuts while trying to sanitize the HTML part with Anomy.
I upgraded Anomy to the new 1.54 release, still the same problem.
Interestingly, if you do a Google groups search for "BFRYTE" you will get
more than 100 hits, which is all this character string, all at the end of
different spam mails.

What's going on here?

Tilman

-- 
Tilman Kastner                 DEVICE/N GmbH
kastner at devicen.de             Ilse-ter-Meer-Weg 7
PGP key available              30449 Hannover, Germany



