Report: Denial of Service attack in message!

Julian Field MailScanner at ecs.soton.ac.uk
Wed May 16 16:33:56 IST 2007



Glenn Steen wrote:
> On 16/05/07, Norbert Schmidt <norbert.schmidt at interactivedata.com> wrote:
>> Hi Jules,
>>
>> the Value for "Virus Scanner Timeout" was still on the old standard (I
>> believe) 30 seconds. I haven't changed that, but I've changed the version
>> of clamav due to regular updates. This must have led to the problem. I've
>> now raised the timeout to 300 seconds and all is quiet now.
>>
>> I think there is a big problem with the classification as "Denial of
>> service attack" when the virusscanner times out because all messages in
>> that batch are marked as "containing a virus" and thus are thrown away.
>> This can lead to loss of a lot of legitimate mail that happened to be in
>> the same batch with a mail containing a "Denial of service attack".  I
>> guess an option to control this behaviour would be useful.
>>
>> I do not have the Mail::ClamAV module installed but will do so now.
>>
>> This leads me to a question... Is it better to upgrade MailScanner or is
>> it better to install the new version each time?
>> We've been using MailScanner for the last 3 years now. I didn't go thru
>> every version, but always skipped a few as it is always quite some hassle
>> to go thru all options and set them up appropriately. Is there a way to set
>> the seldom changed options like Company name, webpage etc. So after an
>> update these things stay the same...
>>
>> Thanks for your help
>>
>> Norbert
>
> AFAIK you should be fine with upgrading as long as you remember to go
> through with the upgrade_MailScanner_conf and upgrade_languages_conf
> scripts.
> Has worked very nicely for me so far (some years, rather many
> versions:-). BTW, my setting for that timeout is 300, without any
> intervention from me, other than the scripts(possibly);-).
> Use "MailScanner --changed" after an upgrade to see what defaults
> you've deviated from... This is a good way to see/fix the changes to
> the defaults that the upgrade scripts _might_ miss...

If the default values change, the upgrade scripts can't distinguish this
situation from the situation where you have changed a value. The upgrade
scripts use nothing more than the contents of the 2 files you supply on
the command line. They have no other knowledge at all. As a result they
can upgrade or downgrade from any version to any other version.
Incidentally upgrade_MailScanner_conf and upgrade_languages_conf are
actually the same script; one is a soft-link to the other :-)

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
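
The ambiguity described in the reply above, as an added example that is not part of the original message and not MailScanner code: with only the site file and the new defaults, a differing "Virus Scanner Timeout" looks the same whether the site set it or the shipped default moved. The old-defaults file used as a baseline here is an assumption (a third input the upgrade scripts do not take), the "Key = Value" parsing is simplified, and the sample files are constructed.

```python
# Added illustration, not MailScanner code. Parsing is simplified.

def parse_conf(text):
    """Parse 'Key = Value' lines; skip blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def two_way(site, new_defaults):
    """All that two files can show: keys whose values differ."""
    return {k: (site[k], new_defaults[k])
            for k in sorted(site.keys() & new_defaults.keys())
            if site[k] != new_defaults[k]}

def three_way(old_defaults, site, new_defaults):
    """Classify each difference using the old defaults as a baseline."""
    verdicts = {}
    for key, (mine, new) in two_way(site, new_defaults).items():
        base = old_defaults.get(key)
        if base is None:
            verdicts[key] = "no baseline"
        elif mine == base:
            verdicts[key] = "default changed, site never edited it"
        elif new == base:
            verdicts[key] = "site changed it"
        else:
            verdicts[key] = "both changed"
    return verdicts

# Constructed sample files. 30 and 300 are the timeouts reported in the thread;
# "Site Name" is a hypothetical setting.
OLD_DEFAULTS = parse_conf("Virus Scanner Timeout = 30\nSite Name = yoursite\n")
SITE_CONF = parse_conf("Virus Scanner Timeout = 30\nSite Name = example\n")
NEW_DEFAULTS = parse_conf("# shipped\nVirus Scanner Timeout = 300\nSite Name = yoursite\n")

if __name__ == "__main__":
    for key, pair in two_way(SITE_CONF, NEW_DEFAULTS).items():
        print("differs:", key, pair)
    for key, verdict in three_way(OLD_DEFAULTS, SITE_CONF, NEW_DEFAULTS).items():
        print(key, "->", verdict)
```

A timeout flagged as "default changed, site never edited it" is the kind of stale value worth reviewing by hand after an upgrade.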






