antivirus timeout = Denial of Service

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jun 12 15:13:14 IST 2007



Just increase the timeout.

Nerijus Baliunas wrote:
> Hello,
>
> I got a message from MailScanner to postmaster with Subject Virus Detected:
>     Sender: xxx at example.com
> IP Address: 216.82....
>  Recipient: xxx at example.lt
>    Subject: Lenny order
>  MessageID: 3EFAE8044D.484E7
> Quarantine: 
>     Report: Denial of Service attack in message!
>
> I looked in the maillog and found this:
>
> Jun 12 13:50:14 mail MailScanner[1744]: Commercial scanner clamav timed out!
> Jun 12 13:50:14 mail MailScanner[1744]: clamav: Failed to complete, timed out
> Jun 12 13:50:14 mail MailScanner[1744]: Virus Scanning: Denial Of Service attack is in message 3EFAE8044D.484E7
>
> Does it mean the message has been dealt with as infected by a virus and was deleted?
> I will move to clamd, but is it possible to allow the messages to be delivered when
> the antivirus times out?
>
> Regards,
> Nerijus
>   

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


