DOS and Oversized Zip

MailScanner Mailbox mailscan at PRIS.CA
Mon Feb 23 18:11:17 GMT 2004


Hello All

I think that this may be a clamav problem rather then a mailscanner
problem but I am not 100% sure. I am running MailScanner 4.22-4 and clamav
0.67.

It seems that recently I am getting many many emails turned away with the
message "Denial of Service attack in message!"  It seems to be caused by a
zipfile that expands many times it's zipped size, (isn't this the purpose
of zipping a file)?

Anyways, there is some info I googled that mentions editing the scanners.c
file (specifically "ZIPOSDET") to increase the value. I don't see that
option available in clamav 0.67 so perhaps it is something I can set
within the mailscanner config file?

I have confirmed that the file being sent is a zip file containing 3 txt
files (one of them is 5mb) and it compresses down to 220kb.

Any and all help concerning this is most appreciated.

Rick



More information about the MailScanner mailing list