clamd DoS?

Randal, Phil prandal at
Wed Sep 17 09:57:38 IST 2008

>From the ClamAV-users mailing list:

"Hi all,
This is been worked around with a signature update (daily 8262).
A definitive (in-the-code) solution will be inculded in 0.94.1

Thanks everyone,



Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Raymond
Sent: 16 September 2008 11:59
To: MailScanner discussion
Subject: Re: clamd DoS?


>> I was seeing a number of spam messages coming in w/the subject 
>> "Credit card transaction report".  Every now and then one would get 
>> tagged as a virus, but most weren't.  However, I went into MailWatch,

>> selected one that wasn't marked as viral and saved the attached 
>> to my linux workstation.  Ark extracted the file 
>> report.doc.exe.  I kicked off top in a term window, opened another 
>> terminal and ran 'clamscan report.doc.exe'.  W/in a couple seconds
CPU utilization was pegged.
>> I'm running plain old clamav, not clamscan or clamd.
>> Not much to go on, but maybe this will help a bit...

> Ooh, can you post this on the web somewhere and tell me the URL so I 
> can fetch this file and construct a message round it for testing?

The guys @ ClamAV are also looking into this (Thanks Luca!)

MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list