clamd DoS?

Raymond Dijkxhoorn raymond at
Mon Sep 15 11:30:17 IST 2008


> anyone else getting hammered by Trojan.Autorun-285 making clamd suck up CPU 
> cycles? Given enough of these trojans (~10) I'm seeing timeouts from clamd.
> The tell tale sign is huge increase in cpu usage as clamd hogs the 
> processors.
> I'm using 0.93.3 and MS 4.68.8 (both to be upgraded in a couple of weeks).

Yes, and there is also messages breaking MS currently. We are looking to 
get some files over to Julian.

[root at mx100 1KfAVc-0005nv-3m]# unzip
   inflating: contract_I1.doc.exe

Stuff like that is keeping the CPU busy and after a while we see:

Sep 15 11:49:59 mx100 MailScanner[19081]: Commercial scanner clamd timed 
Sep 15 11:49:59 mx100 MailScanner[19081]: clamd: Failed to complete, timed 
Sep 15 11:49:59 mx100 MailScanner[19081]: Virus Scanning: Denial Of 
Service attack detected!

So no, you ar enot the only one. We see this on multiple clusters running 


More information about the MailScanner mailing list