Report: Denial of Service attack in message!
Norbert Schmidt
norbert.schmidt at interactivedata.com
Tue May 15 14:08:32 IST 2007
Hi,
I am seeing quite a few "Report: Denial of Service attack in message!" in
the logfiles.
The mails are quarantined since I selected to quarantine silent viruses.
May 15 13:52:52 localhost MailScanner[30916]: Virus and Content Scanning:
Starting
May 15 13:53:23 localhost MailScanner[30916]: Commercial scanner clamav
timed out!
May 15 13:53:23 localhost MailScanner[30916]: clamav: Failed to complete,
timed out
May 15 13:53:23 localhost MailScanner[30916]: Virus Scanning: Denial Of
Service attack detected!
May 15 13:53:54 localhost MailScanner[30916]: Commercial scanner clamav
timed out!
May 15 13:53:54 localhost MailScanner[30916]: clamav: Failed to complete,
timed out
May 15 13:53:54 localhost MailScanner[30916]: Virus Scanning: Denial Of
Service attack is in message 096EAC42EE.ABDA7
May 15 13:54:56 localhost MailScanner[30916]: Infected message
096EAC42EE.ABDA7 came from xxx.11.206.74
May 15 13:54:56 localhost MailScanner[30916]: HTML Img tag found in
message B34D6C441C.201C8 from cakrystyemi at iriomote.com
May 15 13:54:56 localhost MailScanner[30916]: <A> tag found in message
69E50C42EF.E6402 from
May 15 13:54:56 localhost MailScanner[30916]: Virus Scanning completed at
479 bytes per second
May 15 13:54:56 localhost MailScanner[30916]: Saved entire message to
/var/spool/MailScanner/quarantine/20070515/096EAC42EE.ABDA7
May 15 13:54:56 localhost MailScanner[30916]: Viruses marked as silent:
Denial of Service attack in message!
May 15 13:54:5
The mails are legitimate and it doesn't look like there is anything fishy
about them.
The server is not experiencing a very heavy load the problem comes up a
few minutes after the server is started.
I've got a second machine running an older version of Mailscanner (
4.55.10-3), which is also experiencing clamav time outs, but not marking
those mails as Viruses.
Is there any option I can set to still deliver these mails?
OS: Debian Sarge
Mailscanner Version is 4.57.6-1
Clamav Version is: 0.90.2-1+b1
Regards
Norbert
--
Norbert Schmidt | IT / Systems
Interactive Data Managed Solutions AG
----------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3972 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070515/c59537cc/smime.bin
More information about the MailScanner
mailing list