clamd DoS?

Raymond Dijkxhoorn raymond at prolocation.net
Tue Sep 16 11:59:04 IST 2008


Hi!

>> I was seeing a number of spam messages coming in w/the subject "Credit
>> card transaction report".  Every now and then one would get tagged as a
>> virus, but most weren't.  However, I went into MailWatch, selected one
>> that wasn't marked as viral and saved the attached Report.zip to my
>> linux workstation.  Ark extracted the file report.doc.exe.  I kicked off
>> top in a term window, opened another terminal and ran 'clamscan
>> report.doc.exe'.  W/in a couple seconds CPU utilization was pegged.
>> 
>> I'm running plain old clamav, not clamscan or clamd.
>> 
>> Not much to go on, but maybe this will help a bit...

> Ooh, can you post this on the web somewhere and tell me the URL so I can 
> fetch this file and construct a message round it for testing?

The guys @ ClamAV are also looking into this (Thanks Luca!)

Bye,
Raymond.


More information about the MailScanner mailing list