DOS and Oversized Zip

Stephen Swaney steve.swaney at FSL.COM
Mon Feb 23 21:15:35 GMT 2004


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of MailScanner Mailbox
> Sent: Monday, February 23, 2004 1:11 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: DOS and Oversized Zip
>
> Hello All
>
> I think that this may be a clamav problem rather then a mailscanner
> problem but I am not 100% sure. I am running MailScanner 4.22-4 and clamav
> 0.67.
>
> It seems that recently I am getting many many emails turned away with the
> message "Denial of Service attack in message!"  It seems to be caused by a
> zipfile that expands many times it's zipped size, (isn't this the purpose
> of zipping a file)?
>
> Anyways, there is some info I googled that mentions editing the scanners.c
> file (specifically "ZIPOSDET") to increase the value. I don't see that
> option available in clamav 0.67 so perhaps it is something I can set
> within the mailscanner config file?
>

There was a problem with the maximum size of a zip file in CalmAV -0.66 but
according to the archives this was fixed in ClamAV 0.66 and scanners.c is no
longer configurable.

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney at FSL.com

> I have confirmed that the file being sent is a zip file containing 3 txt
> files (one of them is 5mb) and it compresses down to 220kb.
>
> Any and all help concerning this is most appreciated.
>
> Rick
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by Fortress Secure Mail Gateway
and was found to be clean.

Fortress Systems Ltd. - http://www.fsl.com



More information about the MailScanner mailing list