clamd DoS?
Randal, Phil
prandal at herefordshire.gov.uk
Wed Sep 17 09:57:38 IST 2008
>From the ClamAV-users mailing list:
"Hi all,
This is been worked around with a signature update (daily 8262).
A definitive (in-the-code) solution will be inculded in 0.94.1
Thanks everyone,
-aCaB"
Cheers,
Phil
--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Raymond
Dijkxhoorn
Sent: 16 September 2008 11:59
To: MailScanner discussion
Subject: Re: clamd DoS?
Hi!
>> I was seeing a number of spam messages coming in w/the subject
>> "Credit card transaction report". Every now and then one would get
>> tagged as a virus, but most weren't. However, I went into MailWatch,
>> selected one that wasn't marked as viral and saved the attached
>> Report.zip to my linux workstation. Ark extracted the file
>> report.doc.exe. I kicked off top in a term window, opened another
>> terminal and ran 'clamscan report.doc.exe'. W/in a couple seconds
CPU utilization was pegged.
>>
>> I'm running plain old clamav, not clamscan or clamd.
>>
>> Not much to go on, but maybe this will help a bit...
> Ooh, can you post this on the web somewhere and tell me the URL so I
> can fetch this file and construct a message round it for testing?
The guys @ ClamAV are also looking into this (Thanks Luca!)
Bye,
Raymond.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list