DoS lack of logs

shuttlebox shuttlebox at gmail.com
Mon Oct 23 09:51:08 IST 2006


On 10/23/06, Jim Holland <mailscanner at mango.zw> wrote:
> Sorry - I missed your reply earlier.
>
> Check your /usr/lib/MailScanner/MailScanner/SweepViruses.pm file.  It
> should have the following code in it:
>
>         MailScanner::Log::WarnLog("Virus Scanning: Denial Of Service " .
>                                   "attack is in message %s", $id);
>
> I am running MailScanner version 4.56.1 but have not checked out version
> 4.56.8.
>
> The new method of processing will in fact give two reports in the log file
> AFAIK - first the initial "Virus Scanning: Denial Of Service" when there
> is a problem with a batch.  That will not identify the individual problem
> message.  Then MailScanner will process the messages singly, and only if
> it fails to process one of the messages in the batch will it give the more
> explicit message.  It will then quarantine that problem message so it
> doesn't delay the rest of the mail.  I suspect that in your case when
> MailScanner reverted to individual message processing there was no further
> problem, the mail was processed OK, and so there was no need to log
> anything more in the log file.  Under earlier versions the same batch
> would be processed over and over.

I do indeed have that line in SweepViruses.pm, and this weekend I got a
message that was quarantined, so it's all working properly. Before I
upgraded MS I had some problems with DoS attacks and lowered the scan
timeout to 120 seconds. I think that might have been too low and
caused a DoS message to be logged, and then when scanned individually
the message passed.

Thanks for clearing that up for me.

-- 
/peter
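
Added example, not part of the original thread and not MailScanner's own code: a Python sketch that pairs each batch-level "Virus Scanning: Denial Of Service" warning with any later "attack is in message" line from the same process, so that warnings with no follow-up (the case discussed above) stand out. The syslog framing, the wording after "Denial Of Service" on batch lines, and correlation by process id are assumptions; the sample lines are constructed.

```python
import re

# Constructed sample syslog lines. The per-message wording follows the WarnLog
# format string quoted in the thread; the syslog framing and the text after
# "Denial Of Service" on the batch-level lines are assumptions.
SAMPLE_LOG = """\
Oct 21 02:10:05 mx1 MailScanner[4121]: Virus Scanning: Denial Of Service attack detected!
Oct 21 02:10:41 mx1 MailScanner[4121]: Virus Scanning: Denial Of Service attack is in message k9L0A1bC004242
Oct 22 11:30:12 mx1 MailScanner[4388]: Virus Scanning: Denial Of Service attack detected!
Oct 22 11:31:02 mx1 sshd[991]: unrelated line from another daemon
Oct 22 14:02:55 mx1 MailScanner[4121]: Virus Scanning: Denial Of Service attack detected!
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\sMailScanner\[(\d+)\]:\s(.*)$")
BATCH_PREFIX = "Virus Scanning: Denial Of Service"
PER_MESSAGE = re.compile(re.escape(BATCH_PREFIX) + r" attack is in message (\S+)")


def correlate_dos_events(log_text):
    """One record per batch-level warning, with message ids later blamed by that pid."""
    events, open_by_pid = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a MailScanner line
        ts, pid, msg = m.groups()
        blamed = PER_MESSAGE.match(msg)
        if blamed:
            # Explicit per-message report: attach to this pid's open batch warning,
            # or record it alone if the batch line is missing from the log.
            ev = open_by_pid.get(pid)
            if ev is None:
                ev = {"ts": ts, "pid": pid, "messages": []}
                events.append(ev)
            ev["messages"].append(blamed.group(1))
        elif msg.startswith(BATCH_PREFIX):
            ev = {"ts": ts, "pid": pid, "messages": []}
            events.append(ev)
            open_by_pid[pid] = ev
    return events


def unexplained(events):
    """Batch warnings after which no individual message was blamed."""
    return [e for e in events if not e["messages"]]


if __name__ == "__main__":
    for e in unexplained(correlate_dos_events(SAMPLE_LOG)):
        print(f"{e['ts']} pid {e['pid']}: batch DoS warning, no message blamed")
```

A run of unexplained warnings is the pattern the reply above attributes to a scan timeout set too low.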

