strange maillog entries plus DoS messages in maillog

Derek Catanzaro derek at adcatanzaro.com
Wed Aug 30 19:22:27 IST 2006


I have included portions of my log where it shows that it is extracting 
Java classes.  I have never seen this before in any of my logs and I'm 
trying to figure out why this is happening.  I have also included the 
DoS message that is being logged.  Has anyone ever seen this type of 
activity on their servers?

MailScanner version 4.49.7
Fedora Core 2
0.17    Mail::ClamAV

---- snip ---- 
Aug 30 12:45:05 mailserver MailScanner[6552]: Virus Scanning: Denial Of Service attack detected! 

----- snip ------
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/UTF8Recognizer.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XCatalog$Parser$Resolver.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XCatalog$Parser.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XCatalog.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/xcatalog.dtd   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLCatalogHandler.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLDeclRecognizer.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLEntityHandler$CharBuffer.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLEntityHandler$CharDataHandler.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLEntityHandler$DTDHandler.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLEntityHandler$EntityReader.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLEntityHandler.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLEntityReader.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/readers/XMLEntityReaderFactory.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/Base64.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/CharDataChunk.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/ChunkyByteArray.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/ChunkyCharArray.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/Hash2intTable.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/HexBin.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/ImplementationMessages.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/ISO8601Format.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/NamespacesScope$NamespacesHandler.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/NamespacesScope.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/QName.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/BMPattern.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Match.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op$CharOp.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op$ChildOp.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op$ConditionOp.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op$ModifierOp.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op$RangeOp.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op$StringOp.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op$UnionOp.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Op.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/ParseException.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/ParserForXMLSchema.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/RangeToken.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/RegexParser$ReferencePosition.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/RegexParser.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/RegularExpression$Context.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/RegularExpression.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/REUtil.class   
Aug 30 12:44:10 mailserver MailScanner[6552]:  extracting: 
org/apache/xerces/utils/regex/Token$CharToken.class  
