clamd DoS?
Raymond Dijkxhoorn
raymond at prolocation.net
Tue Sep 16 11:59:04 IST 2008
Hi!
>> I was seeing a number of spam messages coming in w/the subject "Credit
>> card transaction report". Every now and then one would get tagged as a
>> virus, but most weren't. However, I went into MailWatch, selected one
>> that wasn't marked as viral and saved the attached Report.zip to my
>> linux workstation. Ark extracted the file report.doc.exe. I kicked off
>> top in a term window, opened another terminal and ran 'clamscan
>> report.doc.exe'. W/in a couple seconds CPU utilization was pegged.
>>
>> I'm running plain old clamav, not clamscan or clamd.
>>
>> Not much to go on, but maybe this will help a bit...
> Ooh, can you post this on the web somewhere and tell me the URL so I can
> fetch this file and construct a message round it for testing?
The guys @ ClamAV are also looking into this (Thanks Luca!)
Bye,
Raymond.
More information about the MailScanner
mailing list