New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists

Item12410: upload fails as checking them exceeds backend resources

Priority: Urgent
Current State: Closed
Released In: n/a
Target Release:
Applies To: Extension
Component: AntiWikiSpamPlugin
Branches: trunk
Reported By: MichaelDaum
Waiting For:
Last Change By: GeorgeClark
I've created a 2MB test file consisting of zeros only (dd if=/dev/zero of=testfile_2MB bs=2097152 count=1) and tried to upload it.

The process fails with a "Premature end of script" warning in the error logs, using FastCGIEngineContrib.

Once I disabled checking attachments, uploads went thru just fine.

-- MichaelDaum - 27 Feb 2013

We recently disabled $Foswiki::cfg{Plugins}{AntiWikiSpamPlugin}{CheckAttachments} = 0; on as uploading large attachments timed out.

This feature should be disabled the way it is implemented right now.

Large attachments, i.e. compressed files like zips, should not be regex'ed, or unpackaged and then scanned, if you like.

Another idea would be to scan attachments offline - not online as part of the upload procedure - and move suspects into a quarantine.

-- MichaelDaum - 23 May 2013

I'm changing the documentation to recommend an AntiVirus plugin, such as the ClamAVPlugin, instead of the regex scans for attachments. They probably are not much use. Typically the spam consists of jpeg's advertising whatever goods.

-- GeorgeClark - 25 Apr 2014
Topic revision: r6 - 25 Apr 2014, GeorgeClark - This page was cached on 21 Mar 2018 - 01:10.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License