'DoD detected!' prohibits mailprocessing

Alex Neuman van der Hans alex at nkpanama.com
Fri Nov 19 14:22:21 GMT 2004 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Have you tried disabling f-secure, at least temporarily, and using ClamAV
and/or BitDefender instead, at least to check whether it's fsecure that's
causing (or being affected) by the problem?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Hartmut Goebel
Sent: Friday, November 19, 2004 8:52 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: 'DoD detected!' prohibits mailprocessing

Hi,

Hartmut Goebel schrieb:

> Okay, we solved the problem. It was the Virus-DB which has not been

Hallooed to early :-(

We dropped in the quarantined messages to get them processed, and the same
problem occurs again. But this time, if the virus-scanner get's called
stand-alone, it works. (This has not been the case earlier.)

Ths logfiles show 5 scanning-processes to be started, all of which start a
virus-scanner. Scanner TImeout is 5 Minutes, and after these 5 Minutes I get
5 'DoS detected' messages. 5 Minutes later the same and so on.

There are no new 'Batch started' messages nor other messages like 'This
message contined the DoS'.

On this gateway, there is F-Secure running which is installed as described
by the F-Secure installation manual. 'fsav' will be called with '--archive
--mime--dumb --archive'. System is a RedHat Linux 9.

Is there a way to find out which messages are currently processed (say: 
which messages cause the DoS)?
What other information do you need for analyzing the problem?

--
Schönen Gruß - Regards
Hartmut Goebel

| Hartmut Goebel             | IT-Security -- effizient |
| h.goebel at goebel-consult.de | www.goebel-consult.de    |

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list