sa-update SHA1 calculation bug

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
rstarkov
New user
New user
Posts: 26
Joined: 2013-12-30 15:51

sa-update SHA1 calculation bug

Post by rstarkov » 2017-09-21 00:30

I've decided to update my ancient SpamAssassin installation and ran into a problem: the latest version has a buggy sa-update that calculates the SHA1 hash incorrectly!

Here's an extract from a debug (-D) run of sa-update:

Code: Select all

downloading to: C:\SpamAssassin\Bin\share\3.004001\updates_spamassassin_org\1799552.tar.gz, update
http: (curl.exe) GET http://sa-update.ena.com/1799552.tar.gz, success
downloading to: C:\SpamAssassin\Bin\share\3.004001\updates_spamassassin_org\1799552.tar.gz.sha1, update
http: (curl.exe) GET http://sa-update.ena.com/1799552.tar.gz.sha1, success
dbg: sha1: verification wanted: 10801ca581564e652a009e80f6195c4bb8532a94
dbg: sha1: verification result: 74ea7198eb78c4a33c420a7cb7c399bce2f372d2
channel: SHA1 verification failed, channel failed
Here's a non-buggy SHA1 calculation on the downloaded file:

Code: Select all

%%%% HASHDEEP-1.0
%%%% size,sha1,filename
## hashdeep64.EXE -c sha1 C:\SpamAssassin\Bin\share\3.004001\updates_spamassassin_org\1799552.tar.gz
##
274927,10801ca581564e652a009e80f6195c4bb8532a94,C:\SpamAssassin\Bin\share\3.004001\updates_spamassassin_org\1799552.tar.gz
Fail... This is v3.41 downloaded from https://www.jam-software.de/customers/d ... anguage=EN and I tried both 32 and 64 builds, both had this problem.

Any tips on how to get this version of SpamAssassin to update?

User avatar
mattg
Moderator
Moderator
Posts: 20003
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: sa-update SHA1 calculation bug

Post by mattg » 2017-09-21 00:32

What does Jam Software say about this updating issue with their product?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

rstarkov
New user
New user
Posts: 26
Joined: 2013-12-30 15:51

Re: sa-update SHA1 calculation bug

Post by rstarkov » 2017-09-21 00:54

I've only emailed them just now. This forum is the best place I know for community support related to SpamAssassin for windows so... I was hoping someone running hMailServer may have experienced this and knows how to deal with it.

User avatar
mattg
Moderator
Moderator
Posts: 20003
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: sa-update SHA1 calculation bug

Post by mattg » 2017-09-21 01:01

That's OK and I agree, I was just making sure that you have contacted them.

Personally I run SpamAssassin on a virtual Ubuntu server install, so it is a little different for me. Updates etc all just happen without my intervention.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

rstarkov
New user
New user
Posts: 26
Joined: 2013-12-30 15:51

Re: sa-update SHA1 calculation bug

Post by rstarkov » 2017-09-24 17:39

The response from Jam Software was almost immediate and very helpful! Apparently this happens if there is a "curl.exe" on the path. Removing it fixed the problem for me.

Jam Software say that it's a bug in the SpamAssassin's Perl code.

User avatar
mattg
Moderator
Moderator
Posts: 20003
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: sa-update SHA1 calculation bug

Post by mattg » 2017-09-25 00:44

Thanks for the post back with the solution.
(and Yes, Jam software are normally very responsive)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

attwoodw
New user
New user
Posts: 3
Joined: 2012-08-08 22:43
Location: United Kingdom

Re: sa-update SHA1 calculation bug

Post by attwoodw » 2018-07-03 21:23

I know I'm a little late to this party but have just run into this problem today, could anyone please tell me in which file the problematic path resides?

User avatar
mattg
Moderator
Moderator
Posts: 20003
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: sa-update SHA1 calculation bug

Post by mattg » 2018-07-03 23:51

mattg wrote:
2017-09-21 00:32
What does Jam Software say about this updating issue with their product?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

attwoodw
New user
New user
Posts: 3
Joined: 2012-08-08 22:43
Location: United Kingdom

Re: sa-update SHA1 calculation bug

Post by attwoodw » 2018-07-13 20:43

>>>>>>>>>>>>>>Paste of email<<<<<<<<<<<<<<<<<
Dear Mr. Attwood,

The problem is caused by the program curl.exe resisting in several locations on your system.
In case “Curl.exe” exists in some directory that is also listed in your systems PATH environment variable, sa-update will use this version, instead of using the version that was shipped with SpamAssassin.

Please save the attached file as „sa-update“ and copy it to the directory and replace the original file:
C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\runtime\
This should fix the issue.

Best regards

>>>>>>>>>>>>>>end of Paste<<<<<<<<<<<<<<<<<

The email has answered my question and I have resolved the more than one curl.exe in the PATH environment variable, however there was no attached file to the email. I suspect the replacement "sa-update" has an additional absolute PATH variable to the SpamAssassin curl.exe

I found the additional curl.exe in my C:\Windows\System32\ folder "Windows 10 [Version 10.0.17134.165]"

I will update this when I receive the script from JAM

attwoodw
New user
New user
Posts: 3
Joined: 2012-08-08 22:43
Location: United Kingdom

Re: sa-update SHA1 calculation bug

Post by attwoodw » 2018-07-17 13:01

Rerplacement sa-update file link

https://fileshare.jam-software.de/share ... cedownload

I have also attached it as a compressed file should the link expire

Save the file as „sa-update“ and copy it to the directory and replace the original file:
C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\runtime\


The attached compressed file contains the JAM replacement sa-update
sa-update.7z
(19.23 KiB) Downloaded 113 times

I hope someone finds this useful

Best Wishes
Wayne

KooiInc
New user
New user
Posts: 5
Joined: 2015-03-25 20:12

Re: sa-update SHA1 calculation bug

Post by KooiInc » 2018-07-20 09:38

Hi Wayne, thanks for your efforts and the file. It made my day!

Regards /Renzo Kooi

PVi1
New user
New user
Posts: 1
Joined: 2019-02-01 18:33

Re: sa-update SHA1 calculation bug

Post by PVi1 » 2019-02-01 18:41

Hi all,

in my case, archive file with rules was only partially downloaded - eg its size was about 55KB instead of cca 290KB.
So I started sa-update with -D args and watched the output. I have tried to download that archive from my PC and it worked fine, so it was clear that it is not a server issue. So I have started to remove unessessary arguments from curl command responsible for downloading that archive.
That way I have found that problem was caused by curl -z argument! :oops:

So I have edited sa-update file, on line 1472 and commented statement responsible or adding -z argument:

Code: Select all

    #push(@args, '-z', $out_fname_short)  if $out_fname_exists && !$force_reload;
Saved and restarted sa-update via:

Code: Select all

. /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate
All is working fine now and amavisd started successfully!

Enjoy zimbra with antispam protection enabled.... :P

It tooks me 3 hours to figure it :evil:

Regards,

Peter

Post Reply