clamd DoS?

Julian Field MailScanner at ecs.soton.ac.uk
Mon Sep 15 17:07:48 IST 2008



Raymond Dijkxhoorn wrote:
> Hi!
>
>> Also with ClamAV 0.94 and latest MS beta it breaks. We just upgraded.
>> I just ran the message with clamd and had no problems at all.
>>
>> At Mon Sep 15 16:29:30 2008 the virus scanner said:
>>  Clamd: contract_I1.zip was infected: Trojan.Agent-49425
>>
>> # clamscan --version
>> ClamAV 0.94/8247/Mon Sep 15 13:04:53 2008
>
> We have 4 different sites that are having all the same issue, with
> various versions of MailScanner. I don't know if we can test feeding it
> Clam directly. But inside MailScanner with ClamD running it really
> breaks. So strange.

In /usr/sbin/MailScanner there are a couple of calls to "Explode".
Immediately after them, add a line saying
    exit;
and it will stop straight after the attachment unpacking.
Then you can go into /var/spool/MailScanner/incoming, find the relevant 
directory and see what attachments it pulled out.
Then try clamscan-ing them by hand. If the attachments look okay in that 
directory, then it's a clamd issue I think. I would be interested to see 
what clamscan makes of them when run by hand.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
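
The manual check described in the message above, as an added example that is not part of the original post: it scans every unpacked attachment once with clamscan and once through clamd (clamdscan), with a time limit so a hanging scan shows up as `timeout`. The variables `CLAMSCAN`, `CLAMDSCAN` and `SCAN_TIMEOUT` and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: scan each file MailScanner unpacked with clamscan and with
# clamd (via clamdscan) and report where the two disagree or where one hangs.
# CLAMSCAN, CLAMDSCAN and SCAN_TIMEOUT are hypothetical override variables.
CLAMSCAN=${CLAMSCAN:-clamscan}
CLAMDSCAN=${CLAMDSCAN:-clamdscan}
SCAN_TIMEOUT=${SCAN_TIMEOUT:-60}   # seconds before a scan counts as hung

# ClamAV scanners exit 0 = clean, 1 = infected, 2 = error;
# timeout(1) exits 124 when the time limit is hit.
verdict() {
  case "$1" in
    0)   echo clean ;;
    1)   echo infected ;;
    124) echo timeout ;;
    *)   echo error ;;
  esac
}

# scan_one SCANNER FILE: print the verdict of one scanner for one file.
scan_one() {
  so_rc=0
  timeout "$SCAN_TIMEOUT" "$1" --no-summary "$2" </dev/null >/dev/null 2>&1 || so_rc=$?
  verdict "$so_rc"
}

# compare_dir DIR: print "<clamscan> <clamd> <file>" per file; return 1 if
# any file gets different verdicts. Assumes file names contain no newlines.
compare_dir() {
  find "$1" -type f | sort | (
    rc=0
    while IFS= read -r f; do
      a=$(scan_one "$CLAMSCAN" "$f")
      b=$(scan_one "$CLAMDSCAN" "$f")
      printf '%s %s %s\n' "$a" "$b" "$f"
      [ "$a" = "$b" ] || rc=1
    done
    exit "$rc"
  )
}

# Run only when a directory is given, e.g. the message's directory under
# /var/spool/MailScanner/incoming.
if [ "$#" -gt 0 ]; then
  compare_dir "$1"
fi
```

clamd opens the files itself, so the user it runs as needs read access to the directory; otherwise the clamd column shows `error` rather than a real verdict.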

