It seems that viruses CAN slip through MailScanner under high load!
Julian Field
mailscanner at ecs.soton.ac.uk
Thu Aug 28 11:51:40 IST 2003
Okay, I've found it. It's a bug in the Denial-of-Service attack handling code.
Here is the patch to SweepViruses.pm, which will of course be included in
the next release.
--- SweepViruses.pm.old 2003-08-22 14:19:43.000000000 +0100
+++ SweepViruses.pm 2003-08-28 11:55:05.000000000 +0100
@@ -468,12 +468,12 @@
unless ($success) {
# Virus checking the whole batch of messages timed out, so now check them
# one at a time to find the one with the DoS attack in it.
- my $BaseDir = new DirHandle;
+ my $BaseDirH = new DirHandle;
MailScanner::Log::WarnLog("Virus Scanning: Denial Of Service attack " .
"detected!");
- $BaseDir->open('.')
+ $BaseDirH->open('.')
or MailScanner::Log::DieLog("Can't open directory for scanning 1
message, $!");
- while($id = $BaseDir->read()) {
+ while(defined($id = $BaseDirH->read())) {
next unless -d "$id"; # Only check directories
next if $id =~ /^\.+$/; # Don't check myself or my parent
# The "./" is important as it gets the path right for parser code
@@ -490,7 +490,7 @@
# No way here of incrementing the "otherproblems" counter. Ho hum.
}
}
- $BaseDir->close();
+ $BaseDirH->close();
}
# Add all the %Reports and %Types to the message batch fields
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list