(no subject)

Ralph Bornefeld-Ettmann ilikeuce at bornefeld-ettmann.de
Tue Dec 22 08:10:08 GMT 2009

On 22.12.2009 02:24, Vernon Webb wrote:
> Lately I have been getting these messages from MailScanner. Can anyone tell
> me what this means and how to stop it. I suppose I should mention that I
> know these emails are legit.
> MailScanner was attacked by a Denial Of Service attack, and has therefore
> deleted this part of the message. Please contact your e-mail providers for
> more information if you need it, giving them the whole of this report.
> Attack in:
> /var/spool/MailScanner/incoming/30160/nBM1BPFZ031124/nmsg-30160-10.html
> Thanks


22. Why doesn't MailScanner support virus scanning daemons?

4. What happens to these daemons when they are attacked with a Denial Of
Service attack such as the now notorious "Zip Of Death"? If you haven't
come across it, it is a 42kbytes zip file which expands to 1 million
files with a total of 49,000 Tbytes. Throw any normal virus scanner at
this and it will either crash or (more likely) just never return, as it
desperately tries to unpack the zip file. If the virus scanner is a
daemon over which MailScanner has no control, then all your incoming
mail will be blocked. This is what happens with virtually all email
virus scanners and daemonized file scanners. However, MailScanner
recognises denial of service attacks like this, handles them tidily and
quickly and disinfects the email message successfully. It can only do
this as it has complete control over the virus scanner process.

but can also be a resource issue:


A mail log snippet could be helpful.
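
Added example (not part of the original post and not MailScanner's own code): one way a mail filter can bound the cost of an archive like the one the FAQ describes before handing it to a scanner, by charging file count, declared expanded size and nesting depth against one shared budget. It goes beyond the FAQ text by also following zips nested inside zips; the limits and all function names are assumptions made for illustration.

```python
import io
import zipfile
import zlib

# Budgets are illustrative assumptions, not MailScanner settings.
MAX_FILES, MAX_BYTES, MAX_DEPTH = 1000, 20 * 1024 * 1024, 3

class BudgetExceeded(Exception):
    pass

def scan_zip(data, budget, depth=0):
    """Walk a zip and any zips nested in it, charging one shared budget."""
    if depth > MAX_DEPTH:
        raise BudgetExceeded("nesting too deep")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            budget["files"] -= 1
            if budget["files"] < 0:
                raise BudgetExceeded("too many files")
            # Charge the declared size before decompressing anything;
            # zipfile.read() returns at most file_size bytes per member.
            budget["bytes"] -= info.file_size
            if budget["bytes"] < 0:
                raise BudgetExceeded("expanded size over budget")
            payload = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(payload)):
                scan_zip(payload, budget, depth + 1)

def is_safe_to_unpack(data):
    """Return (ok, reason); nothing is ever written to disk."""
    try:
        scan_zip(data, {"files": MAX_FILES, "bytes": MAX_BYTES})
    except BudgetExceeded as exc:
        return False, str(exc)
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError, zlib.error):
        return False, "unreadable archive"
    return True, "ok"

def make_nested(levels, fanout, leaf):
    """Build a constructed sample: `leaf` wrapped in `levels` layers of zips."""
    blob = leaf
    for _ in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(fanout):
                zf.writestr(f"{i}.bin", blob)
        blob = buf.getvalue()
    return blob
```

A check like this only bounds work done in-process; a scanner run as a separate program still needs a timeout enforced by the process that started it.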

