Report: Denial of Service attack in message!

Glenn Steen glenn.steen at gmail.com
Wed May 16 11:20:02 IST 2007


On 16/05/07, Norbert Schmidt <norbert.schmidt at interactivedata.com> wrote:
> Hi Jules,
>
> the Value for "Virus Scanner Timeout" was still on the old standard (I
> belive) 30 seconds. I haven't changed that, but I've changed the version
> of clamav due to regular updates. This must have let to the problem. I've
> now raised the timeout to 300 seconds and all is quiet now.
>
> I think there is a big problem with the classification as "Denial of
> service attack" when the virusscanner times out because all messages in
> that batch are marked as "containing a virus" and thus are thrown away.
> This can lead to loss of a lot of legitimate mail that happened to be in
> the same batch with a mail containing a "Denial of service attack".  I
> guess an option, to control this behaviour would be usefull.
>
> I do not have the Mail::ClamAV module installed but will do so now.
>
> This leads me to a question... Is it better to upgrade MailScanner or is
> it better to install the new version each time?
> We've been using MailScanner for the last 3 years now. I didn't go thru
> every version, but always skipped a few as it is always quite some hassel
> to go thru all options and set them up appropriate. Is there a way to set
> the seldom changed options like Company name, webpage etc. So after an
> update these things stay the same...
>
> Thanks for your help
>
> Norbert

AFAIK you should be fine with upgrading as long as you remember to go
through with the upgrade_MailScanner_conf and upgrade_languages_conf
scripts.
Has worked very nicely for me so far (some years, rather many
versions:-). BTW, my setting for that timeout is 300, without any
intervention from me, other than the scripts(possibly);-).
Use "MailScanner --changed" after an upgrade to see what defaults
you've deviated from... This is a good way to see/fix the changes to
the defaults that the upgrade scripts _might_ miss...

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list