ClamScan Denial of Service attack
Tom G. Christensen
tgc at statsbiblioteket.dk
Wed Jul 18 09:23:13 IST 2007
Neil Wilson wrote:
> Hi guys,
>
> I've just had quite a serious problem with one of my clients which
> seemed to have been caused by Clamscan which rejected nearly all emails
> as "MailScanner[30767]: Virus Scanning: Denial Of Service attack detected!"
>
> It looks like it did this because we're using "clamav" as our virus
> scanner, and clamscan was killing the system rescources.
>
> The server is running "ClamAV 0.90.3/3691/Wed Jul 18 08:04:43 2007"
> which came with the Clam-SA-easy installation package.
>
It's been beaten to death already but clamav 0.90.x has a serious
performance issue when using clamscan due to very long signature DB load
times.
Upgrading to 0.91.1 will fix this and allow you to continue to use clamscan.
I recently upgraded two MailScanner gateways from clamav 0.88.7 to
0.91(.1) and this has lowered the cpu usage even though I continue to
use clamscan.
-tgc
More information about the MailScanner
mailing list