DoS lack of logs
shuttlebox
shuttlebox at gmail.com
Mon Oct 23 09:51:08 IST 2006
On 10/23/06, Jim Holland <mailscanner at mango.zw> wrote:
> Sorry - I missed your reply earlier.
>
> Check your /usr/lib/MailScanner/MailScanner/SweepViruses.pm file. It
> should have the following code in it:
>
> MailScanner::Log::WarnLog("Virus Scanning: Denial Of Service " .
> "attack is in message %s", $id);
>
> I am running MailScanner version 4.56.1 but have not checked out version
> 4.56.8.
>
> The new method of processing will in fact give two reports in the log file
> AFAIK - first the initial "Virus Scanning: Denial Of Service" when there
> is a problem with a batch. That will not identify the individual problem
> message. Then MailScanner will process the messages singly, and only if
> it fails to process one of the messages in the batch will it give the more
> explicit message. It will then quarantine that problem message so it
> doesn't delay the rest of the mail. I suspect that in your case when
> MailScanner reverted to individual message processing there was no further
> problem, the mail was processed OK, and so there was no need to log
> anything more in the log file. Under earlier versions the same batch
> would be processed over and over.
I do indeed have that line in SweepViruses.pm and this weekend I got a
message that was quarantined so it's all working properly. Before I
upgraded MS I had some problems with DoS attacks and lowered the scan
timeout to 120 seconds. I think that might have been too low and
caused a DoS message to be logged, and then when scanned individually
the message passed.
Thanks for clearing that up for me.
--
/peter
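
An added example, not part of the original thread or of MailScanner's own code: a log check that pairs each batch-level "Virus Scanning: Denial Of Service" warning with any "attack is in message" lines that follow it, so batches that passed on individual rescan (the case discussed above) stand out. The syslog prefix, host name, message id, the wording after the shared prefix on the batch-level lines, the 10-minute window and the year are assumptions made for the sample.

```python
import re
from datetime import datetime, timedelta

PREFIX = "Virus Scanning: Denial Of Service"
PER_MSG = re.compile(r"attack is in message (\S+)")   # format string quoted in the thread
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")

# Constructed sample lines (not real log output).
SAMPLE_LOG = """\
Oct 21 03:10:02 mx1 MailScanner[2211]: Virus Scanning: Denial Of Service attack detected!
Oct 21 03:12:40 mx1 MailScanner[2211]: Virus Scanning: Denial Of Service attack is in message k9L1AbCd012345
Oct 21 09:30:15 mx1 MailScanner[2304]: Virus Scanning: Denial Of Service attack detected!
Oct 21 09:31:02 mx1 MailScanner[2304]: New Batch: Scanning 3 messages
"""

def parse(log, year=2006):
    """Return (timestamp, message_id_or_None) for every DoS warning line."""
    events = []
    for line in log.splitlines():
        stamp = STAMP.match(line)
        if not stamp or PREFIX not in line:
            continue
        # Syslog stamps carry no year; it is assumed, and only the deltas matter.
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        hit = PER_MSG.search(line)
        events.append((when, hit.group(1) if hit else None))
    return events

def correlate(events, window=timedelta(minutes=10)):
    """For each batch-level warning, list the message ids identified afterwards."""
    report = []
    for i, (when, msg_id) in enumerate(events):
        if msg_id is not None:
            continue                      # per-message line, not a batch warning
        ids = []
        for later, later_id in events[i + 1:]:
            if later_id is None or later - when > window:
                break                     # next batch warning, or outside the window
            ids.append(later_id)
        report.append((when, ids))
    return report

if __name__ == "__main__":
    for when, ids in correlate(parse(SAMPLE_LOG)):
        if ids:
            print(f"{when}: batch warning, problem message(s): {', '.join(ids)}")
        else:
            print(f"{when}: batch warning, no message identified on rescan "
                  "(check whether the scan timeout is too low)")
```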