clamd DoS?

Randal, Phil prandal at herefordshire.gov.uk
Wed Sep 17 09:57:38 IST 2008


>From the ClamAV-users mailing list:

"Hi all,
This is been worked around with a signature update (daily 8262).
A definitive (in-the-code) solution will be inculded in 0.94.1

Thanks everyone,
-aCaB"

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Raymond
Dijkxhoorn
Sent: 16 September 2008 11:59
To: MailScanner discussion
Subject: Re: clamd DoS?

Hi!

>> I was seeing a number of spam messages coming in w/the subject 
>> "Credit card transaction report".  Every now and then one would get 
>> tagged as a virus, but most weren't.  However, I went into MailWatch,

>> selected one that wasn't marked as viral and saved the attached 
>> Report.zip to my linux workstation.  Ark extracted the file 
>> report.doc.exe.  I kicked off top in a term window, opened another 
>> terminal and ran 'clamscan report.doc.exe'.  W/in a couple seconds
CPU utilization was pegged.
>> 
>> I'm running plain old clamav, not clamscan or clamd.
>> 
>> Not much to go on, but maybe this will help a bit...

> Ooh, can you post this on the web somewhere and tell me the URL so I 
> can fetch this file and construct a message round it for testing?

The guys @ ClamAV are also looking into this (Thanks Luca!)

Bye,
Raymond.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


More information about the MailScanner mailing list