Report: Denial of Service attack in message!

Neil Wilson neilw at dcdata.co.za
Thu Mar 15 16:04:40 CET 2007


Hi guys,

One of my clients is seeing quite a few "Report: Denial of Service attack in message!" in Mailwatch.

MailScanner is blocking these as "Anti-Virus/Dangerous Content Protection Virus:  Y"

The mails aren't being quarantined and bounced messages aren't being sent as I have notifications for virus mails turned off.

Below is taken out of my email logs.

Mar 14 14:59:50 mailgw MailScanner[6532]: Message 9615852E74.05ADD from 192.168.8.2 (patdewe at clientsdomain.co.za) to blabla.co.za
Mar 14 15:30:31 mailgw MailScanner[6532]: Virus Scanning: Denial Of Service attack is in message 9615852E74.05ADD
Mar 14 15:30:32 mailgw MailScanner[6532]: Infected message

The mails are legitimate and it doesn't look like there is anything fishy about them.

Why are these getting blocked, how can I stop these, and what check in MailScanner handles these? I've looked through all of the checks and the only thing I can find regarding "Denial of service" is "TNEF Expander = /usr/bin/tnef --maxsize=100000000", but this by default is set to nearly 100MB if my calculations are right, and these mails are nowhere near this size.

Thanks, any help will be appreciated.

Regards.

Neil

-- 
This email and all contents are subject to the following disclaimer:
http://www.dcdata.co.za/emaildisclaimer.html


