Re: [Exim] virurstest.org test #19

Author: Philip Hazel
Date:  
To: David
CC: exim-users
Subject: Re: [Exim] virurstest.org test #19
On Mon, 29 Mar 2004, David wrote:

> something wrong or this test is also broken ?
>
> I use this in data acl:
>
>    deny    condition   = ${if match{$message_headers}{\N^\b$\N}{yes}{no}}
>            message     = Blank Folding Vulnerability detected


That will not work, for several reasons.

(1) The regex that you are matching is "^\b$". That can never match
anything. The reason is that \b matches a "word boundary", which is an
assertion that requires at least one character to the left or one
character to the right of the current point, because the definition of
"word boundary" is a point between a "word" character and a "non-word"
character. The ends of the subject string count as non-word characters.
Thus, for ^\b to match, the start of the string must be followed by a
word character, whereas for \b$ to match the end of the string must be
preceded by a word character.

(2) If instead you use just "^$" and expect it to match two successive
newlines within a string, it won't work unless you turn on "multiline"
matching mode. Thus, in Exim, you need "(?m)^$" because that is the only
way to turn on PCRE matching options. Regular expressions should always
be tested; pcretest is your friend.

(3) However, when you apply this regex to $message_headers, it won't
ever match, because there will never be two successive newlines in that
string.

Afterthought: Were you thinking \b means "blank"? Perhaps you meant to
use \s instead? That would match a single whitespace character. Again,
you need to use (?m) to get "multiline" matching.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
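
The three points in the reply above can be checked without a running Exim. The following is an added example, not part of the original message. It uses Python's re module, which handles \b, ^, $ and (?m) the same way PCRE does on these inputs, and every sample string is constructed.

```python
import re

# Constructed samples (not from the thread). None ends in a newline:
# Python's (?m)^ also matches after a final newline, PCRE's does not,
# so a trailing "\n" would make the two engines disagree.
HEADERS = "From: a@example.test\nSubject: hi\n folded part"  # header lines only
RAW = HEADERS + "\n\nbody"            # empty separator line, then a body
BLANK_LINE = "Subject: hi\n \n more"  # a line holding one space
SUBJECTS = {"HEADERS": HEADERS, "RAW": RAW, "BLANK_LINE": BLANK_LINE, "EMPTY": ""}

PATTERNS = {
    "word_boundary": r"^\b$",     # the pattern from the quoted ACL, point (1)
    "plain": r"^$",               # point (2) without multiline mode
    "multiline": r"(?m)^$",       # point (2) with multiline mode
    "single_space": r"(?m)^\s$",  # the afterthought: \s plus (?m)
}


def matches(pattern_name, subject):
    """True if the named pattern matches anywhere in subject."""
    return re.search(PATTERNS[pattern_name], subject) is not None


def report():
    """Map (pattern name, subject name) to whether the pattern matched."""
    return {(p, s): matches(p, text)
            for p in PATTERNS for s, text in SUBJECTS.items()}


if __name__ == "__main__":
    for (p, s), hit in report().items():
        print(f"{p:14} {s:11} {'match' if hit else 'no match'}")
```

Only the multiline pattern finds the empty line in RAW, and nothing finds one in HEADERS because that string never holds two adjacent newlines, which is point (3).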