clamd DoS?
Alex Broens
ms-list at alexb.ch
Tue Sep 16 12:41:33 IST 2008
On 9/16/2008 12:59 PM, Raymond Dijkxhoorn wrote:
> Hi!
>
>>> I was seeing a number of spam messages coming in w/the subject "Credit
>>> card transaction report". Every now and then one would get tagged as a
>>> virus, but most weren't. However, I went into MailWatch, selected one
>>> that wasn't marked as viral and saved the attached Report.zip to my
>>> linux workstation. Ark extracted the file report.doc.exe. I kicked off
>>> top in a term window, opened another terminal and ran 'clamscan
>>> report.doc.exe'. W/in a couple seconds CPU utilization was pegged.
>>>
>>> I'm running plain old clamav, not clamscan or clamd.
>>>
>>> Not much to go on, but maybe this will help a bit...
>
>> Ooh, can you post this on the web somewhere and tell me the URL so I
>> can fetch this file and construct a message round it for testing?
>
> The guys @ ClamAV are also looking into this (Thanks Luca!)
Luca rocks! (tell him this :-)
Today I saw more floods of randomly detected/bypassed MS and AV scanners cases.
Good thing there are other ways to catch & block or kill them :-)
Alex