Report: Denial of Service attack in message!
Julian Field
MailScanner at ecs.soton.ac.uk
Wed May 16 16:33:56 IST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Glenn Steen wrote:
> On 16/05/07, Norbert Schmidt <norbert.schmidt at interactivedata.com> wrote:
>> Hi Jules,
>>
>> the Value for "Virus Scanner Timeout" was still on the old standard (I
>> belive) 30 seconds. I haven't changed that, but I've changed the version
>> of clamav due to regular updates. This must have let to the problem.
>> I've
>> now raised the timeout to 300 seconds and all is quiet now.
>>
>> I think there is a big problem with the classification as "Denial of
>> service attack" when the virusscanner times out because all messages in
>> that batch are marked as "containing a virus" and thus are thrown away.
>> This can lead to loss of a lot of legitimate mail that happened to be in
>> the same batch with a mail containing a "Denial of service attack". I
>> guess an option, to control this behaviour would be usefull.
>>
>> I do not have the Mail::ClamAV module installed but will do so now.
>>
>> This leads me to a question... Is it better to upgrade MailScanner or is
>> it better to install the new version each time?
>> We've been using MailScanner for the last 3 years now. I didn't go thru
>> every version, but always skipped a few as it is always quite some
>> hassel
>> to go thru all options and set them up appropriate. Is there a way to
>> set
>> the seldom changed options like Company name, webpage etc. So after an
>> update these things stay the same...
>>
>> Thanks for your help
>>
>> Norbert
>
> AFAIK you should be fine with upgrading as long as you remember to go
> through with the upgrade_MailScanner_conf and upgrade_languages_conf
> scripts.
> Has worked very nicely for me so far (some years, rather many
> versions:-). BTW, my setting for that timeout is 300, without any
> intervention from me, other than the scripts(possibly);-).
> Use "MailScanner --changed" after an upgrade to see what defaults
> you've deviated from... This is a good way to see/fix the changes to
> the defaults that the upgrade scripts _might_ miss...
If the default values change, the upgrade scripts can't distinguish this
situation from the situation where you have changed a value. The upgrade
scripts use nothing more than the contents of the 2 files you supply on
the command line. They have no other knowledge at all. As a result they
can upgrade or downgrade from any version to any other version.
Incidentally upgrade_MailScanner_conf and upgrade_languages_conf are
actually the same script, one is a soft-link to the other :-)
Jules
- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)
Charset: ISO-8859-1
wj8DBQFGSyUFEfZZRxQVtlQRAklzAKD4tLzvBG2GkiwCi3juMWKihkP6ewCgvUdb
nnLf268A+jdEuV25tYCMbFs=
=B8pQ
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
More information about the MailScanner
mailing list