WTF? If tflags=multiple is supported at all, it should behave properly (i.e. not hitting over and over on the *same bit of text*).

maxhits was implemented after 3.3.1; is it possible that there are just a *lot* of instances of "your business" in that test message, and it's simply hitting all of them?

Can anyone else confirm this on 3.3.1? Run through a test message with *one* instance of "your business" and get repeated hits on it in __GENERATE_LEADS?

While __GENERATE_LEADS is recent, there are a lot of tflags=multiple rules in the base ruleset that have been there for a long time - I'd expect this to have come up much earlier.

I tested on Centos7 with sa-update done and rules compiled, this rule does not trigger a loop.

You tested 3.3.1 on C7? Or the native 3.4.0, which does implement maxhits?

Are the SA 3.3.1 sources different between the C6 and C7 packages?

Hello,

To follow up; if I disable Rule2XSBody plugin (rule compilation), on Centos6 SA 3.3.1-3 there is no loop;


Apr 20 14:14:05.138 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "G"
Apr 20 14:14:05.138 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "A"
Apr 20 14:14:05.138 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "M"
Apr 20 14:14:05.139 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "W"
Apr 20 14:14:05.139 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "T"
Apr 20 14:14:05.139 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "G"
Apr 20 14:14:05.139 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "A"
Apr 20 14:14:05.139 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "I"
Apr 20 14:14:05.139 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "A"
Apr 20 14:14:05.139 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "I"
Apr 20 14:14:05.140 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "N"
Apr 20 14:14:05.140 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: "C"
Apr 20 14:14:05.140 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: " L"
Apr 20 14:14:05.140 [27778] dbg: rules: ran body rule __BODY_TEXT_LINE ======> got hit: " T"
Apr 20 14:14:05.789 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.790 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.790 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.791 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.791 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.792 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.792 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.793 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.796 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.797 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.797 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.798 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.798 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.799 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.799 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.799 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:05.799 [27778] dbg: rules: ran body rule __GENERATE_LEADS ======> got hit: "your business"
Apr 20 14:14:06.444 [27778] dbg: rules: ran body rule __HIGHBITS ======> got hit: "â?¢ â?? "
Apr 20 14:14:06.590 [27778] dbg: rules: running uri tests; score so far=4.9999


however, with Rule2XSBody enabled, on SA 3.3.1 on Centos6, it loops forever.

With or without Rule2XSBody on Centos7 SA 3.4.0-2 bundled SA rpm, it works correctly.


I am disabling Rule2XSBody for now while I rebuild Centos7 boxes.


Chris

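An added example, not part of the original thread: a small Python triage script for the check the thread asks for, comparing how often a rule reports a hit on a string in the debug log with how often that string occurs in the test message. The function names, the sample body and the sample log lines are constructed, and counting literal substrings in the raw body is an assumption that only approximates what the rule's regex sees.

```python
import re
from collections import Counter

# Rule-hit lines as printed by SpamAssassin debug output in the log above.
HIT_RE = re.compile(r'dbg: rules: ran \w+ rule (\S+) =+> got hit: "(.*)"\s*$')

def summarize(lines):
    """Return {rule_name: Counter({matched_text: hit_count})}."""
    summary = {}
    for line in lines:
        m = HIT_RE.search(line)
        if m:
            rule, text = m.groups()
            summary.setdefault(rule, Counter())[text] += 1
    return summary

def excess_hits(lines, body):
    """Flag (rule, text) pairs hit more often than text occurs in body.

    A tflags=multiple rule may legitimately hit once per occurrence, so a
    hit count above the literal occurrence count is the anomaly to look for.
    """
    flagged = {}
    for rule, counts in summarize(lines).items():
        for text, hits in counts.items():
            present = body.count(text)
            if present and hits > present:
                flagged[(rule, text)] = (hits, present)
    return flagged

# Constructed test message body and debug lines (not real output).
BODY = "We can grow your business fast.\nCall today."
PREFIX = "Apr 20 14:14:05.790 [1234] dbg: rules: ran body rule "
LOG = [
    PREFIX + '__BODY_TEXT_LINE ======> got hit: "W"',
    PREFIX + '__GENERATE_LEADS ======> got hit: "your business"',
    PREFIX + '__GENERATE_LEADS ======> got hit: "your business"',
    PREFIX + '__GENERATE_LEADS ======> got hit: "your business"',
    "Apr 20 14:14:06.590 [1234] dbg: rules: running uri tests; score so far=4.9",
]

if __name__ == "__main__":
    for (rule, text), (hits, present) in excess_hits(LOG, BODY).items():
        print(f"{rule}: {hits} hits on {text!r}, {present} in body")
```
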