'DoD detected!' prohibits mailprocessing

[Hartmut Goebel]

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi,

Hartmut Goebel schrieb:

> Okay, we solved the problem. It was the Virus-DB which has not been 

Hallooed to early :-(

We dropped in the quarantined messages to get them processed, and the 
same problem occurs again. But this time, if the virus-scanner get's 
called stand-alone, it works. (This has not been the case earlier.)

Ths logfiles show 5 scanning-processes to be started, all of which start 
a virus-scanner. Scanner TImeout is 5 Minutes, and after these 5 Minutes 
I get 5 'DoS detected' messages. 5 Minutes later the same and so on.

There are no new 'Batch started' messages nor other messages like 'This 
message contined the DoS'.

On this gateway, there is F-Secure running which is installed as 
described by the F-Secure installation manual. 'fsav' will be called 
with '--archive --mime--dumb --archive'. System is a RedHat Linux 9.

Is there a way to find out which messages are currently processed (say: 
which messages cause the DoS)?
What other information do you need for analyzing the problem?

-- 
Schönen Gruß - Regards
Hartmut Goebel

| Hartmut Goebel             | IT-Security -- effizient |
| h.goebel at goebel-consult.de | www.goebel-consult.de    |

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!