Re: [Mimedefang] utf-8 issue?

2020-01-29 Thread Alexey Lobanov
Hi all.

I ask you very much to continue the thread started in 2017. The problem
persists, and it is really annoying.

In brief: Mimedefang dies during message checking if *all* of the following
conditions happen:

1. Attachment extension is "bad" and the attachment should be quarantined.

2. Attachment file name is non-ASCII and is therefore encoded in UTF-8.

3. UTF-8 header encoding in original message is "incorrect" in some way.
Not sure what it means; many other Unicode filenames are processed and
quarantined properly.

I supplied example strings to the mailing list in 2018, and can add
more examples. A fresh one:

Jan 29 13:13:29 mimedefang.pl[24376]: ACE0720490:
MDLOG,ACE0720490,bad_filename,%42D%426%41F.rar,application/x-rar,,,=?UTF-8?B?0K3QptCf?=
Jan 29 13:13:29 mimedefang-multiplexor[27228]: ACE0720490: Slave 1
stderr: open body: Invalid argument at /usr/share/perl5/MIME/Entity.pm
line 1892.
Jan 29 13:13:29 mimedefang-multiplexor[27228]: Slave 1 died prematurely
-- check your filter rules
Jan 29 13:13:29 postfix/cleanup[3830]: ACE0720490: milter-reject:
END-OF-MESSAGE from f558.i.mail.ru[94.100.184.166]: 4.7.1 Service
unavailable - try again later;

Any ideas or workarounds? Changing mime-tools version changes line
number in Entity.pm, and nothing more.

Older examples are below.

Alexey

On 25.06.2018 17:17, Alexey Lobanov wrote:

> Hi all.
>
> I continue the years old thread related to improper processing of
> Unicode strings either in Mimedefang or Perl libs. Last message
> https://lists.roaringpenguin.com/pipermail/mimedefang/2017-December/038247.html
>
> As far as I can see, the exception happens only when Mimedefang tries
> to remove an attachment with non-ASCII (e.g, Russian) name. If
> attachment is permitted and passed, exception does not appear. Looks
> like also, that other Russian names in same message do not generate an
> exception; not sure in exception logging scheme. Please note also that
> about 50% of attachments in our environment have Cyrillic names in
> UTF-8, but the issue happens few times a year only.
>
> The example log ("use diagnostics;" in mimedefang.pl) is below.
>
> The visible names of attachments are: "Ат. профессора.rar", "ВАК
> дмн.rar", "Диплом БДМУ 1982.rar" and "Категория 2016.rar".
>
> The MIME headers for first attachment are:
>
> Content-Type: application/octet-stream; 
>   name="=?UTF-8?B?0JDRgi4g0L/RgNC+0YTQtdGB0YHQvtGA0LAucmFy?="
> Content-Disposition: attachment; 
> filename="=?UTF-8?B?0JDRgi4g0L/RgNC+0YTQtdGB0YHQvtGA0LA=?=
>   =?UTF-8?B?LnJhcg==?="
> Content-Transfer-Encoding: base64
> X-Attachment-Id: f_jimx17ff8
>
> Debian Jessie, Mimedefang 2.83 built from source, no embedded Perl
> mode, Mime-Tools 5.009, Perl v5.20.2.
>
> Yes, I have the whole message and I can provide any other
> non-confidential details from it.
>
> 
>
> Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
> MDLOG,C6CE82122B,bad_filename,%410%442.
> %43F%440%43E%444%435%441%441%43E%440%430.rar,application/octet-stream,,,Re:
> LEC
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr: Strings with code points over 0xFF may not be mapped into
> in-memory file
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr:    handles (#1)
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr: (W utf8) You tried to open a reference to a scalar for
> read or append
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr: where the scalar contained code points over 0xFF. 
> In-memory files
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr: model on-disk files and can only contain bytes.
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr:
> Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
> MDLOG,C6CE82122B,bad_filename,%412%410%41A
> %434%43C%43D.rar,application/octet-stream,,,Re: 
> LEC
> Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
> MDLOG,C6CE82122B,bad_filename,%414%438%43F%43B%43E%43C
> %411%414%41C%423
> 1982.rar,application/octet-stream,,,Re: LEC
> Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
> MDLOG,C6CE82122B,bad_filename,%41A%430%442%435%433%43E%440%438%44F
> 2016.rar,application/octet-stream,,,Re: LEC
> Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
> MDLOG,C6CE82122B,mail_in,Re: LEC
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr: Uncaught exception from user code:
> Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B: Worker
> 0 stderr:    open body: Invalid argument at
> /usr/sha
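
The Perl behaviour named in the worker's stderr above ("Strings with code points over 0xFF may not be mapped into in-memory file handles", then "Invalid argument"), reproduced as an added example that is not part of the original posts and is not MIMEDefang or MIME-tools code. It uses the name= value from the posted headers; `read_in_memory` and the body text are made up for illustration, and it shows the language-level behaviour only, not where inside MIMEDefang the wide string comes from.

```perl
#!/usr/bin/perl
# Added example: why open() on an in-memory scalar fails once the scalar
# holds decoded (wide) characters, and why encoding to octets avoids it.
use strict;
use warnings;
use Encode qw(decode encode);

# Content-Type name= value of the first attachment, copied from the message.
my $raw = '=?UTF-8?B?0JDRgi4g0L/RgNC+0YTQtdGB0YHQvtGA0LAucmFy?=';

# Decoding the RFC 2047 encoded-word yields a character string: each
# Cyrillic letter is one element with a code point above 0xFF (e.g. U+0410).
my $name = decode('MIME-Header', $raw);

# Hypothetical helper: read a scalar back through an in-memory file handle.
sub read_in_memory {
    my ($data) = @_;
    open(my $fh, '<', \$data) or return "open failed: $!";
    local $/;                       # slurp mode
    my $content = <$fh>;
    close $fh;
    return 'read ' . length($content) . ' bytes';
}

# Constructed text standing in for any body that embeds the decoded name.
my $body = "Removed attachment: $name\n";

# 1. Character string with wide code points: open() refuses it with EINVAL
#    and, with warnings enabled, Perl emits the diagnostic seen in the log.
print 'characters: ', read_in_memory($body), "\n";

# 2. The same text encoded to UTF-8 octets: every element is <= 0xFF,
#    so the in-memory handle opens and reads normally.
print 'octets:     ', read_in_memory(encode('UTF-8', $body)), "\n";
```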

Re: [Mimedefang] utf-8 issue?

2018-06-28 Thread Alexey Lobanov

Hi.

On 28.06.2018 1:51, Dianne Skoll wrote:


> Hi,
>
> Can you post the relevant part of your filter code that triggers
> this problem?


It is default code with extended extension list. Trojan writers like
these file types nowadays.


==

sub filter_bad_filename  {
    my($entity) = @_;
    my($bad_exts, $re);

    # Bad extensions
    $bad_exts = 
'(arj|rar|r15|lzh|uue|7z|xz|xlsm|epf|docm|dotm|dot|tgz|ace|z|gz|ace|jar|ade|adp|app|asd|asf|asx|bas|bat|cab|chm|cmd|com|cpl|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh|\{[^\}]+\})';


    # Do not allow:
    # - CLSIDs  {foobarbaz}
    # - bad extensions (possibly with trailing dots) at end
    $re = '\.' . $bad_exts . '\.*$';

    return 1 if (re_match($entity, $re));

    # Look inside ZIP files
    if (re_match($entity, '\.zip$') and
        $Features{"Archive::Zip"}) {
        my $bh = $entity->bodyhandle();
        if (defined($bh)) {
            my $path = $bh->path();
            if (defined($path)) {
                return re_match_in_zip_directory($path, $re);
            }
        }
    }
    return 0;
}





> Also, MIME::tools 5.009 doesn't exist; I assume it was a typo and
> you meant 5.509?


Correct. Just mistype.

--
Alexey



> Regards,
>
> Dianne.

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang




[Mimedefang] utf-8 issue?

2018-06-26 Thread Alexey Lobanov

  
  
Hi all.

I continue the years old thread related to improper processing of
Unicode strings either in Mimedefang or Perl libs. Last message
https://lists.roaringpenguin.com/pipermail/mimedefang/2017-December/038247.html

As far as I can see, the exception happens only when Mimedefang
tries to remove an attachment with non-ASCII (e.g, Russian) name.
If attachment is permitted and passed, exception does not appear.
Looks like also, that other Russian names in same message do not
generate an exception; not sure in exception logging scheme.
Please note also that about 50% of attachments in our environment
have Cyrillic names in UTF-8, but the issue happens few times a
year only.

The example log ("use diagnostics;" in mimedefang.pl) is below.

The visible names of attachments are: "Ат. профессора.rar", "ВАК
дмн.rar", "Диплом БДМУ 1982.rar" and "Категория 2016.rar".

The MIME headers for first attachment are:

Content-Type: application/octet-stream;
	name="=?UTF-8?B?0JDRgi4g0L/RgNC+0YTQtdGB0YHQvtGA0LAucmFy?="
Content-Disposition: attachment; filename="=?UTF-8?B?0JDRgi4g0L/RgNC+0YTQtdGB0YHQvtGA0LA=?=
	=?UTF-8?B?LnJhcg==?="
Content-Transfer-Encoding: base64
X-Attachment-Id: f_jimx17ff8

Debian Jessie, Mimedefang 2.83 built from source, no embedded
Perl mode, Mime-Tools 5.009, Perl v5.20.2.

Yes, I have the whole message and I can provide any other
non-confidential details from it.



Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
  MDLOG,C6CE82122B,bad_filename,%410%442.
%43F%440%43E%444%435%441%441%43E%440%430.rar,application/octet-stream,,,Re:
  LEC
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr: Strings with code points over 0xFF may not be
  mapped into in-memory file
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:    handles (#1)
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr: (W utf8) You tried to open a reference to a
  scalar for read or append
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr: where the scalar contained code points over
  0xFF.  In-memory files
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr: model on-disk files and can only contain
  bytes.
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:
  Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
  MDLOG,C6CE82122B,bad_filename,%412%410%41A
  %434%43C%43D.rar,application/octet-stream,,,Re:
  LEC
  Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
  MDLOG,C6CE82122B,bad_filename,%414%438%43F%43B%43E%43C
  %411%414%41C%423 1982.rar,application/octet-stream,,,Re:
  LEC
  Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
  MDLOG,C6CE82122B,bad_filename,%41A%430%442%435%433%43E%440%438%44F
  2016.rar,application/octet-stream,,,Re:
  LEC
  Jun 20 18:26:52 mail mimedefang.pl[25718]: C6CE82122B:
  MDLOG,C6CE82122B,mail_in,Re:
  LEC
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr: Uncaught exception from user code:
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:    open body: Invalid argument at
  /usr/share/perl5/MIME/Entity.pm line 1892.
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:   
  MIME::Entity::print_bodyhandle(MIME::Entity=HASH(0xa10a63c),
  GLOB(0x9b07fe8)) called at /usr/share/perl5/MIME/Entity.pm line
  1873
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:   
  MIME::Entity::print_body(MIME::Entity=HASH(0xa10a63c),
  GLOB(0x9b07fe8)) called at /usr/share/perl5/MIME/Entity.pm line
  1785
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:   
  MIME::Entity::print(MIME::Entity=HASH(0xa10a63c), GLOB(0x9b07fe8))
  called at /usr/share/perl5/MIME/Entity.pm line 1846
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:    MIME::Entity::print_body
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr: (MIME::Entity=HASH(0xa106420), GLOB(0x9b07fe8))
  called at /usr/local/bin/mimedefang.pl line 6160
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:   
  main::do_scan("/var/spool/MIMEDefang/mdefang-W13qP1p") called at
  /usr/local/bin/mimedefang.pl line 5663
  Jun 20 18:26:52 mail mimedefang-multiplexor[25717]: C6CE82122B:
  Worker 0 stderr:    main::handle_scan("C6CE82122B",
  "/var/spool/MIMEDefang/mdefang-W13qP