antivirus timeout = Denial of Service
Nerijus Baliunas
nerijusb at dtiltas.lt
Tue Jun 12 21:50:49 IST 2007
On Tue, 12 Jun 2007 15:13:14 +0100 Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
> Just increase the timeout.
It's already 300 (5 minutes) and I am afraid to increase it more.
What I'd like is to either have a configuration option how to deal with such
situation, or treat it like when Bad Filename is detected - i.e. deliver message
w/o attachment and quarantine it. Because now the whole message is lost
which is not good.
Nerijus
> Nerijus Baliunas wrote:
> > Hello,
> >
> > I got a message form MailScanner to postmaster with Subject Virus Detected:
> > Sender: xxx at example.com
> > IP Address: 216.82....
> > Recipient: xxx at example.lt
> > Subject: Lenny order
> > MessageID: 3EFAE8044D.484E7
> > Quarantine:
> > Report: Denial of Service attack in message!
> >
> > I looked in the maillog and found this:
> >
> > Jun 12 13:50:14 mail MailScanner[1744]: Commercial scanner clamav timed out!
> > Jun 12 13:50:14 mail MailScanner[1744]: clamav: Failed to complete, timed out
> > Jun 12 13:50:14 mail MailScanner[1744]: Virus Scanning: Denial Of Service attack is in message 3EFAE8044D.484E7
> >
> > Does it mean the message has been dealt as infected by virus and was deleted?
> > I will move to clamd, but is it possible to allow the messages to be delivered when
> > antivirus timeouts?
> >
> > Regards,
> > Nerijus
More information about the MailScanner
mailing list