email tagged as Denial of Service but not being saved

Julian Field mailscanner at ecs.soton.ac.uk
Fri Nov 1 21:43:20 GMT 2002


At 21:35 01/11/2002, you wrote:
>Thanks for the quick response!   Do I need to update anything or
>did my upgrade to 4.04-1 take care of it?

I'll be releasing an update for v3 and v4 in the next couple of days or so,
as I've got a couple of minor security fixes to publish which I have
back-ported to v3. The security issues have never been exploited by anyone,
so I would prefer to get them fixed before anyone else finds them.

I leave the commercial guys to delay fixing holes until they have been
found and exploited :-)

If it's really urgent, I can release earlier, but I would rather do some
more testing first.

>On Fri, 1 Nov 2002, Julian Field wrote:
> > Thanks for reporting that. It is now detecting and handling this correctly.
> >
> > At 19:54 01/11/2002, you wrote:
> > >I upgraded from MailScanner 1.x to 4.03-1 three days ago.
> > >The new version (4.03-1) is working great as far as I can
> > >tell with the exception of one thing.
> > >
> > >The issue is that over the past three days I have seen four "Denial of
> > >Service" messages logged to syslog but no attachments or body messages are
> > >being saved.
> > >The user does get an email that says "look here" with the correct message
> > >ID as I would expect but the message (and message ID
> > >directory) are never created in the quarantine area.   Postmaster also
> > >does not get any email regarding the DoS message.  Syslog normally would
> > >show "Saved entire message" or "Saved infected "filename"" but nothing
> > >shows in syslog
> > >other than "Denial of Service attack in in message gXXXXXXXXXXX."
> > >I need to allow the end user the option of at least seeing the
> > >quarantined data even if it is broken or does not contain a properly
> > >attached document.
> > >
> > >Has anyone seen this problem before?   From what I can tell, all virus
> > >infected files ARE being saved and logged properly.   I have increased the
> > >TNEF timeout in hope that it will help in some fashion
> > >even though it has nothing to do with creating quarantined directories
> > >and emailing postmaster of a DoS message.
> > >
> > >I just put 4.04-1 in earlier today.  I haven't seen any new DoS messages
> > >be tagged yet.
> > >
> > >Also.....
> > >Is there any way to prevent MailScanner from catching "external body"
> > >messages and tagging them?  I have seen a couple of other posts on
> > >the subject but nothing concrete on being a future release option.
> > >
> > >
> > >AIX 5.1-002, Perl 5.6.0, TNEF=internal, Mcafee, TNEF Timeout = 120,
> > >Scanner Timeout=300,Quarantine Infections = yes, Quarantine Whole Message
> > >= yes
> > >
> > >
> > >Thanks in advance,
> > >
> > >Robert
> >
> > --
> > Julian Field                Teaching Systems Manager
> > jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> > Tel. 023 8059 2817          University of Southampton
> >                              Southampton SO17 1BJ
> >

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ


