antivirus timeout = Denial of Service

Nerijus Baliunas nerijusb at dtiltas.lt
Tue Jun 12 21:50:49 IST 2007


On Tue, 12 Jun 2007 15:13:14 +0100 Julian Field <MailScanner at ecs.soton.ac.uk> wrote:

> Just increase the timeout.

It's already 300 (5 minutes) and I am afraid to increase it more.
What I'd like is to either have a configuration option how to deal with such
situation, or treat it like when Bad Filename is detected - i.e. deliver message
w/o attachment and quarantine it. Because now the whole message is lost
which is not good.

Nerijus

> Nerijus Baliunas wrote:
> > Hello,
> >
> > I got a message form MailScanner to postmaster with Subject Virus Detected:
> >     Sender: xxx at example.com
> > IP Address: 216.82....
> >  Recipient: xxx at example.lt
> >    Subject: Lenny order
> >  MessageID: 3EFAE8044D.484E7
> > Quarantine: 
> >     Report: Denial of Service attack in message!
> >
> > I looked in the maillog and found this:
> >
> > Jun 12 13:50:14 mail MailScanner[1744]: Commercial scanner clamav timed out!
> > Jun 12 13:50:14 mail MailScanner[1744]: clamav: Failed to complete, timed out
> > Jun 12 13:50:14 mail MailScanner[1744]: Virus Scanning: Denial Of Service attack is in message 3EFAE8044D.484E7
> >
> > Does it mean the message has been dealt as infected by virus and was deleted?
> > I will move to clamd, but is it possible to allow the messages to be delivered when
> > antivirus timeouts?
> >
> > Regards,
> > Nerijus



More information about the MailScanner mailing list