strange maillog entries plus DoS messages in maillog

René Berber r.berber at
Wed Aug 30 20:17:15 IST 2006

Derek Catanzaro wrote:

> I have included portions of my log where it shows that it is extracting
> java classes.  I have never seen this before in any of my logs and I'm
> trying to figure out why this is happening?  I have also included the
> DoS message that is being logged.  Has anyone ever seen this type of
> activity on their servers???

Yes, once, and it also was a jar file.

Jars sometimes have too many directory levels or files and that trips the clamav
alarm.  It is a false positive, and we have some control with the clamav-module
parameters (timeout, max levels, max files, max compression), also by not
scanning big files.
René Berber

More information about the MailScanner mailing list