strange maillog entries plus DoS messages in maillog

[René Berber]

Derek Catanzaro wrote:

> I have included portions of my log where it shows that it is extracting
> java classes.  I have never seen this before in any of my logs and I'm
> trying to figure out why this is happening?  I have also included the
> DoS message that is being logged.  Has anyone ever seen this type of
> activity on their servers???

Yes, once, and it also was a jar file.

Jars sometimes have too many directory levels or files and that trips the clamav
alarm.  It is a false positive, and we have some control with the clamav-module
parameters (timeout, max levels, max files, max compression), also by not
scanning big files.
-- 
René Berber