replacing "*" by "{0,30}" fixed my problem! The regex works for small
tables without crashing spamd childs.
IMO, upgrading to Perl 5.10 on OSX is not recommended... Apple is
tweeking a lot of stuff and there is always chances that a future OSX
update will screw up everything.
many thanks!
Dominic Germain
---------------------------------------------
Administrateur réseau / Network administrator
Sogetel
www.sogetel.net
[EMAIL PROTECTED]
Le 08-08-05 à 15:23, Justin Mason a écrit :
Dominic Germain writes:
Hi,
I'm running the following rules in my local rules for a while and it
works flawlessly under RedHat EL 3 (Perl 5.8.0):
rawbody TABLEOBFU /
<td([^>]|"[^"]*"|'[^']*')*>(<([^>]|"[^"]*"|'[^']*')*>)*[a-z]{1,2}
(<([^>]|"[^"]*"|'[^']*')*>)*<\/td([^>]|"[^"]*"|'[^']*')*>/i
Recently, we move to Apple Mac OS X 10.5 server with Perl 5.8.8. We
start getting SIGCHLD error and 0/0 scores. I've found that
TABLEOBFU
rule crash if there is a large table (~32k) inside the mail... I was
able to reproduce it under Redhat EL 5 also (Perl 5.8.8) but HTML
must
be 2 times larger (~64k).
I also try with the following rule I got from the mailing list. Same
problem.
rawbody TABLEOBFU /
<td([^>]|"[^"]*"|'[^']*')*>(<([^>]|"[^"]*"|'[^']*')*>)*[a-z]{1,2}
(<([^>]|"[^"]*"|'[^']*')*>)*<\/td([^>]|"[^"]*"|'[^']*')*>/i
It seems to be something related to allocated memory for the spamd
script...
Anything known about that issue? Is is possible to "skip" a test
according to mail size?
The best fix would be to rewrite those rules not to use /*/, to use
/{0,n}/ instead, and to use /(?...)/ instead of /(...)/ . You
could also
upgrade to perl 5.10, which may have this bug fixed iirc; however you
would still be vulnerable to another side-effect of that kind of
regexp,
which is exponential runtime. unlimited quantifiers like + and * are
very
bad news in SA rules.
--j.
