'DoD detected!' prohibits mailprocessing

Julian Field mailscanner at ecs.soton.ac.uk
Sat Nov 20 12:18:09 GMT 2004 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hartmut Goebel wrote:

> Hi,
>
> Hartmut Goebel schrieb:
>
>> Okay, we solved the problem. It was the Virus-DB which has not been
>
>
> Hallooed to early :-(
>
> We dropped in the quarantined messages to get them processed, and the
> same problem occurs again. But this time, if the virus-scanner get's
> called stand-alone, it works. (This has not been the case earlier.)
>
> Ths logfiles show 5 scanning-processes to be started, all of which
> start a virus-scanner. Scanner TImeout is 5 Minutes, and after these 5
> Minutes I get 5 'DoS detected' messages. 5 Minutes later the same and
> so on.
>
> There are no new 'Batch started' messages nor other messages like
> 'This message contined the DoS'.
>
> On this gateway, there is F-Secure running which is installed as
> described by the F-Secure installation manual. 'fsav' will be called
> with '--archive --mime--dumb --archive'. System is a RedHat Linux 9.
>
> Is there a way to find out which messages are currently processed
> (say: which messages cause the DoS)?
> What other information do you need for analyzing the problem?
>
After it gets the first DoS report, it goes through the messages in the
batch and scans them one by one to work out exactly which message called
the problem. So it does that for you already :-)
Take a look at the logs and hopefully it will tell you (2nd time round
on the batch) which message caused it. You might try running in Debug
mode so that it's easier to see what's going on, as then there will only
be 1 MailScanner process running.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list