[Mimedefang] slave ran out of memory
Marco Berizzi
pupilla at hotmail.com
Thu Mar 11 11:38:36 EST 2004
Hello everybody.
I'm having a problem with this piece of filter:
if (lc($ext) =~ /\.zip$/) {
use Archive::Zip qw(:ERROR_CODES);
my $path = $entity->bodyhandle->path;
my $zip = Archive::Zip->new();
Archive::Zip::setErrorHandler(sub {});
if ($zip->read($path) == AZ_OK()) {
md_syslog('debug', "Scanning zip file, Path=$path");
my $tfname = Archive::Zip::tempFileName('.');
my @members = $zip->members();
foreach my $member (@members) {
my $file = $member->fileName();
$size = $member->uncompressedSize();
md_syslog('debug', "Scanning zip entry $file, size=$size");
# approx 50Mb siz limit!
if ($size > 50e6) {
md_graphdefang_log('Archive member too big ', $file, $RelayAddr);
action_notify_administrator("Archive member too big $file - mail bounced");
action_bounce("Archive member $file too big");
#action_discard();
return;
}
if ($member->isEncrypted()) {
md_syslog('debug', "scanning Encrypted ZIP member $file");
my ($bad_exts, $re);
$bad_exts = '(ade|adp|app|asd|asf|wsh|zip|\{[^\}]+\})';
$re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';
if (lc($file) =~ $re) {
md_graphdefang_log('Encrypted_badfile', $file, $RelayAddr);
action_notify_administrator("A file called $file was detected in an encrypted ZIP file attached to an incoming e-mail - bounced.");
#action_quarantine_entire_message("An encrypted ZIP attachment conatining $file was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nIT Support to arrange for it to be released.\n");
action_bounce("Encrypted files of this type not allowed here");
#action_discard();
return;
}
md_syslog('warning', "Encrypted file $file");
} else {
$zip->extractMember($member, $tfname);
md_syslog('debug', "Scanning ZIP entry $file");
use File::Scan;
my $scanner = File::Scan->new;
my $virus = $scanner->scan($tfname);
unlink($tfname);
if ($virus) {
md_graphdefang_log('virus', $virus, $RelayAddr);
action_notify_administrator("Virus $VirusName inside zip found in mail - rejected");
action_bounce("Virus $VirusName found in mail - rejected");
#action_discard();
return;
}
}
}
} else {
md_graphdefang_log('bad_file', 'broken zip', $RelayAddr);
action_notify_administrator("broken zip");
}
}
I'm getting this error:
sm-mta[25138]: i2AExLHc025138: from=<xxx at yyy>, size=2698667, class=0, nrcpts=1, msgid=<200403101459.i2AExLHc025138 at yyy>, proto=ESMTP, daemon=MTA, relay=mid-1.inet.it [213.92.5.18]
mimedefang.pl[21431]: Scanning zip file, Path=Work/msg-21431-141.zip
mimedefang.pl[21431]: Scanning zip entry Off Tecnica SAA4C001_V03.doc, size=7021568
mimedefang-multiplexor: Slave 1 ran out of memory -- possible DoS attack due to complex MIME?
mimedefang[25139]: Error from multiplexor: ERR No response from slave
mimedefang[25139]: i2AExLHc025138: Filter failed. Message kept in /var/spool/MIMEDefang/mdefang-i2AExLHc025138
sm-mta[25138]: i2AExLHc025138: Milter: data, reject=451 4.7.1 Please try again later
sm-mta[25138]: i2AExLHc025138: to=<zzz at mydomain.uuu>, delay=00:00:27, pri=2728667, stat=Please try again later
I have workarounded with:
if (-s "./INPUTMSG" < 200*1024) {
bla bla bla
}
Is there a cleaner way to avoid this error?
I have also upgraded -R and -M multiplexor parameter from 10000/30000
to 60000/60000
TIA
More information about the MIMEDefang
mailing list