Clamav + Mailscanner: Denial of Service Attack in message

Glenn Steen glenn.steen at
Tue Oct 5 13:24:20 IST 2010

On 1 October 2010 12:22, Rainer Blaes <Rainer.Blaes at> wrote:
> Dear all,
> we are sending during the night some text based notifications to hundreds of
> users.
> When we  enable virus scanning by Clamav 0.96 there are a lot of messages in
> the log
> saying
> Virus Scanning: Denial of Service attack in message
> From the list we learnt that this could be (is) a server's  resource problem
> ie
> setting Virus Scanner Timeout to 600 and/or using clamdscan instead of
> clamscan
> in the wrapper script should solve our problem. This we will check in the
> night.

No, the recommendation these days (and for a while now) is to use the
clamd virus scanner, not clamscan or some unsupported clamdscan
"fix"... nor is ClamAVModule prefered. In stall/configure clamd as
detailed in the wiki page
.... if, like me, you use a source package install of ClamAV (I use
Jules repackaging), one has to adapt the wikipage info a bit, but most
should be easily deducable:-).

> Only to understand:
> Why does Mailscanner has this DOS Attack Protection for OUTGOING mails
> what's the reason for, for INCOMING mails it is obvious respectively is
> there a
> config parameter to stop scanning OUTGOING mails?

MailScanner has no notion of "incoming" or "outgoing" mail, unless you
explicitly teach it the difference. You can do that by way of some
well-placed rulesets... as an example: I "whitelist" my internal
MTAs/mailstores IP address wrt spam, but I still do virus scanning.
This way I can be fairly sure I don't send viruses, but I have no clue
as to whether my users spam the world (well, actually I do, but not
from that:-).

> Thanks for any hint!
> Rainer
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list