
Item12634: disable checking attachments for spam by default

Priority: Urgent
Current State: Closed
Released In: n/a
Target Release:
Applies To: Extension
Component: AntiWikiSpamPlugin
Branches: trunk
Reported By: MichaelDaum
Waiting For:
Last Change By: GeorgeClark

Currently, the plugin uses regular expressions to analyze content. This is more suitable for textual data, like wiki content. It fails, however, on most non-textual data like images. It fails so badly that the regular expression test crashes altogether with the process taking 100% CPU in an endless loop.

Therefore, the {CheckAttachments} setting should better default to $FALSE and a warning should be added to the configuration setting.

Best would be to add a virus checker for attachments instead of regexing binaries.

Here's the intended change for now:

--- lib/Foswiki/Plugins/AntiWikiSpamPlugin/Config.spec  (revision 17040)
+++ lib/Foswiki/Plugins/AntiWikiSpamPlugin/Config.spec  (working copy)
@@ -6,7 +6,8 @@
 # **BOOLEAN**
 # Should attachment contents be checked against the spam regular expression list?
-$Foswiki::cfg{Plugins}{AntiWikiSpamPlugin}{CheckAttachments} = $TRUE;
+# *WARNING*: Checking attachments could cause a high CPU load on the server.
+$Foswiki::cfg{Plugins}{AntiWikiSpamPlugin}{CheckAttachments} = $FALSE;
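
Review bot: The added `*WARNING*` comment line understates the failure described in this report: on non-textual attachments such as images the regular expression test does not just raise load, it runs at 100% CPU without finishing. Suggest wording the comment so an admin knows what they are opting into before setting the value back to `$TRUE`, for example `# *WARNING*: The check uses regular expressions meant for text; on binary attachments such as images it can hang at 100% CPU.`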

Sven, what do you think?

-- MichaelDaum - 05 Nov 2013

I'll go ahead and make these changes.

-- GeorgeClark - 25 Apr 2014
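
For sites that still turn {CheckAttachments} on, the report's point that regex matching suits text but not binaries can be enforced with a content gate in front of the scan. The Perl sketch below is an added example, not code from AntiWikiSpamPlugin; the function names, size limits, 5% control-character threshold and sample patterns are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: only run a regex-based spam check on text-like attachments.
use strict;
use warnings;

use constant SNIFF_BYTES => 4096;         # assumed: prefix length to inspect
use constant MAX_SCAN    => 1_048_576;    # assumed: largest attachment scanned

# Heuristic (assumption): data is "textual" if the sniffed prefix has no NUL
# byte and at most 5% other control characters (tab, LF and CR are allowed).
sub looks_textual {
    my ($data) = @_;
    my $head = substr( $data, 0, SNIFF_BYTES );
    return 1 if length($head) == 0;
    return 0 if index( $head, "\0" ) >= 0;
    my $ctrl = () = $head =~ /[\x01-\x08\x0B\x0C\x0E-\x1F\x7F]/g;
    return ( $ctrl / length($head) ) <= 0.05 ? 1 : 0;
}

# Returns 'skipped-too-large', 'skipped-binary', 'spam' or 'clean'.
sub check_attachment {
    my ( $data, $patterns ) = @_;
    return 'skipped-too-large' if length($data) > MAX_SCAN;
    return 'skipped-binary' unless looks_textual($data);
    for my $re (@$patterns) {
        return 'spam' if $data =~ $re;
    }
    return 'clean';
}

# Constructed sample inputs; not taken from the plugin or its rule list.
my @patterns = ( qr/cheap-pills\.example/i, qr/casino-bonus\.example/i );
my %samples  = (
    'notes.txt' => "Meeting notes\nSee http://cheap-pills.example/ now\n",
    'readme.md' => "Plain documentation text.\n",
    'logo.png'  => "\x89PNG\r\n\x1a\n\0\0\0\rIHDR" . ( "\0\xff\x10\x80" x 64 ),
);

for my $name ( sort keys %samples ) {
    printf "%-10s %s\n", $name, check_attachment( $samples{$name}, \@patterns );
}
```

The gate is placed before the match rather than wrapping the match in `alarm()`, because Perl's deferred signal handling does not interrupt a regular expression that is already running. Skipped attachments are not vouched for as safe; they are simply left to another control such as the virus checker suggested above.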
Topic revision: r8 - 25 Apr 2014, GeorgeClark