clamd DoS?
Raymond Dijkxhoorn
raymond at prolocation.net
Mon Sep 15 11:30:17 IST 2008
Hi!
> anyone else getting hammered by Trojan.Autorun-285 making clamd suck up CPU
> cycles? Given enough of these trojans (~10) I'm seeing timeouts from clamd.
>
> The tell tale sign is huge increase in cpu usage as clamd hogs the
> processors.
>
> I'm using 0.93.3 and MS 4.68.8 (both to be upgraded in a couple of weeks).
Yes, and there is also messages breaking MS currently. We are looking to
get some files over to Julian.
[root at mx100 1KfAVc-0005nv-3m]# unzip contract_I1.zip
Archive: contract_I1.zip
inflating: contract_I1.doc.exe
Stuff like that is keeping the CPU busy and after a while we see:
Sep 15 11:49:59 mx100 MailScanner[19081]: Commercial scanner clamd timed
out!
Sep 15 11:49:59 mx100 MailScanner[19081]: clamd: Failed to complete, timed
out
Sep 15 11:49:59 mx100 MailScanner[19081]: Virus Scanning: Denial Of
Service attack detected!
So no, you ar enot the only one. We see this on multiple clusters running
MS.
Bye,
Raymond.
More information about the MailScanner
mailing list