[Mimedefang] Browser Bug: Very bad in IE and varies on Netscape and Mozilla
Kelson Vibber
kelson at speed.net
Fri Dec 19 22:11:50 EST 2003
On Friday 19 December 2003 6:11 pm, David F. Skoll wrote:
> On Sat, 20 Dec 2003, Jonas Eckerman wrote:
> > uri KAM_URIPARSE /[a-z]+\:\/\/\%0[01].*\@/
>
> Using a regular expression like that in SpamAssassin is Very Bad News.
> SA treats the entire message as one humongous line, and an unlimited
> quantifier (as in ".*" or "[a-z]+") will be really, really slow.
In general, this is true. In this particular case it might be OK, since the
rule posted is defined as a URI test. I believe SA pulls out anything that
looks like a URL/URI and runs URI tests on each string, rather than on the
entire message (as it does with the body tests).
> Writing SA rules is incredibly tricky.
Agreed!
> You can limit it to something
> reasonable by using {0,50} everywhere you'd normally be tempted to use *,
> and {1,50} where you'd normally be tempted to use +
And this is probably still a good idea here as well, just less critical than
in the body and rawbody tests.
All that said, this rule probably won't handle the case where an actual \0 or
\1 is embedded in the message (although I suspect those are unlikely to make
it through the MTA or, perhaps, MD's suspicious characters tests).
--
Kelson Vibber
SpeedGate Communications, www.speed.net
More information about the MIMEDefang
mailing list