Mailscanner dies
Mirko Bovati
bovati at MONDADORI.COM
Tue Oct 29 08:54:39 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello *,
MailScanner-4.03-1, when it meet a vired attach named with a name starting
with a space, it dies.
The same behaviour there was with version 3.
so I thing this may be a possible Dos.
mirko
Oct 29 07:28:08 aurora MailScanner[14250]: MailScanner
Oct 29 07:28:08 aurora MailScanner[14250]: MailScanner E-Mail Virus Scanner
version 4.03-1 starting...
Oct 29 07:28:08 aurora MailScanner[14250]: Using locktype = flock
Oct 29 09:28:09 aurora sendmail[14252]: g9T8S9L14252:
from=<mirko at aurora.lorenzo.com>, size=328245, class=0, nrcpts=1,
msgid=<200210290828.g9T8S9L14252 at aurora.lorenzo.com>, proto=SMTP, daemon=MTA,
relay=[192.168.36.81]
Oct 29 07:28:13 aurora MailScanner[14250]: New Batch: Scanning 1 messages,
328709 bytes
Oct 29 07:28:13 aurora MailScanner[14250]: Virus and Content Scanning:
Starting
Oct 29 07:28:14 aurora MailScanner[14250]: /g9T8S9L14252/ corponew.doc
Found the W97M/Thus.gen virus !!!
Oct 29 07:28:14 aurora MailScanner[14250]: Virus Scanning: mcafee found 1
infections
Oct 29 07:28:14 aurora MailScanner[14250]: Virus Scanning: Found 1 viruses
Oct 29 07:28:14 aurora MailScanner[14250]: Saved infected " corponew.doc" to
/var/spool/MailScanner/quarantine/20021029/g9T8S9L14252
Oct 29 07:28:14 aurora MailScanner[14250]: Cleaned: Delivered 1 cleaned
messages
Oct 29 09:28:14 aurora sendmail[14259]: g9T8SEk14259: from=<>, size=620,
class=0, nrcpts=1, msgid=<200210290828.g9T8SEk14259 at aurora.lorenzo.com>,
relay=root at localhost
Oct 29 09:28:14 aurora sendmail[14258]: g9T8S9L14252:
to=<mirko at aurora.lorenzo.com>, ctladdr=<mirko at aurora.lorenzo.com> (500/500),
delay=00:00:05, xdelay=00:00:00, mailer=local, pri=448245, dsn=2.0.0,
stat=Sent
Oct 29 07:28:14 aurora MailScanner[14250]: Sender Warnings: Delivered 1
warnings to virus senders
Oct 29 09:28:14 aurora sendmail[14266]: g9T8SE314266: from=postmaster,
size=443, class=0, nrcpts=1,
msgid=<200210290828.g9T8SE314266 at aurora.lorenzo.com>, relay=root at localhost
Oct 29 09:28:14 aurora sendmail[14264]: g9T8SEk14259:
to=mirko at aurora.lorenzo.com, delay=00:00:00, xdelay=00:00:00, mailer=local,
pri=30620, dsn=2.0.0, stat=Sent
Oct 29 07:28:14 aurora MailScanner[14250]: Notices: Warned about 1 messages
Oct 29 07:28:14 aurora MailScanner[14250]: Disinfection: Attempting to
disinfect 1 messages
Oct 29 09:28:14 aurora sendmail[14269]: g9T8SE314266: to=root, delay=00:00:00,
xdelay=00:00:00, mailer=local, pri=30443, dsn=2.0.0, stat=Sent
read-open corponew.doc: No such file or directory at
/usr/lib/perl5/site_perl/5.6.1/MIME/Body.pm line 417.
Oct 29 07:28:15 aurora MailScanner[14250]: Disinfection: Rescan found only 0
viruses
Oct 29 09:28:16 aurora sendmail[14273]: g9T8SG914273: from=postmaster,
size=916, class=0, nrcpts=1,
msgid=<200210290828.g9T8SG914273 at aurora.lorenzo.com>, relay=root at localhost
Oct 29 09:28:16 aurora sendmail[14276]: g9T8SG914273:
to=mirko at aurora.lorenzo.com, delay=00:00:00, xdelay=00:00:00, mailer=local,
pri=30916, dsn=2.0.0, stat=Sent
Oct 29 07:28:18 aurora MailScanner[14279]: MailScanner
Oct 29 07:28:18 aurora MailScanner[14279]: MailScanner E-Mail Virus Scanner
version 4.03-1 starting...
Oct 29 07:28:18 aurora MailScanner[14279]: Using locktype = flock
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9vkzVmXvUZ7obFPgRAgBPAJ4tDBpKtoAVmVIjKGWSwD8NlBYBagCfQSq3
tgfwcu3xz84csolW4obhQk4=
=EmDb
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list