Mailscanner marking DOS Attack on 2 different servers

James R. Stevens jstevens at ATHENSDISTRIBUTING.COM
Fri Jun 18 15:45:33 IST 2004 

All,

Here is a link to the info. Looks to be a wonderful Friday.

https://knowledgemap.nai.com/phpclient/viewkDoc.aspx?url=kb/kb_nai37117.xml&docType=DOC_KnowledgeBase&externalID=KB_nai37117

-----Original Message-----
From: Denis Beauchemin [mailto:Denis.Beauchemin at USHERBROOKE.CA] 
Sent: Friday, June 18, 2004 9:41 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Mailscanner marking DOS Attack on 2 different servers


Randal, Phil wrote:

>MailScanner mailing list wrote:
>  
>
>>>I have two different servers that just started developing problems 
>>>with mailscanner marking all inbound and outbound email a denial of 
>>>service attack.
>>>
>>>I've been searching the archives trying to figure out what could be 
>>>wrong, but can't really find anything. It seems that maybe it's 
>>>caused by a timeout on dns, but nothing has changed on these two 
>>>servers in many weeks.
>>>
>>>Where else could I start troubleshooting this?
>>>      
>>>
>>It may be that your virus scanner has packed up.
>>    
>>
>
>Good call!  If you're using a version of McAfee's uvscan which uses 
>scan engine 4.1.60 you'll be in trouble with this week's DAT files 
>(4367) and later.
>
>Solution is to update to the latest uvscan.
>
>Cheers,
>
>Phil
>  
>
It's working fine here with engine 4.3.20:
# uvscan --version
Virus Scan for Linux v4.32.0
Copyright (c) 1992-2003 Networks Associates Technology Inc. All rights 
reserved.
(408) 988-3832  LICENSED COPY - Nov 27 2003

Scan engine v4.3.20 for Linux.
Virus data file v4367 created Jun 16 2004
Scanning for 92006 viruses, trojans and variants.

We've had reports yesterday of a couple Windows servers that ran an old 
version of McAfee that stopped working with the new DAT file.  Upgrading 
the McAfee software solved the problem.

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list