Malware Tried to Kill MailScanner

Scott Silva ssilva at sgvwater.com
Thu Oct 11 18:43:16 IST 2012


on 10/11/2012 10:12 AM Timothy J. Barhorst spake the following:
> 
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Scott
> Silva
> Sent: Thursday, October 11, 2012 11:40 AM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Malware Tried to Kill MailScanner
> 
> on 10/11/2012 7:06 AM Timothy J. Barhorst spake the following:
>> Our Centos 5 - MailScanner 4.84.5-2 server was attacked last night 
>> with a message that tried to kill MailScanner.
>>
>> The message contained a .zip file with HTML.Phishing.Pay-6 infection.
>>
>>  
>>
>> Should this have happened? Is this a bug in MailScanner? Why would 
>> MailScanner crash?
>>
>>  
>>
>>  
> <snip>
>>> This happens when the processing takes too long to complete. Sometimes
> a deeply nested zip file, or other system >>processing. Usually the
> message gets quarantined after the processing attempts have reached the
> limit...
> 
> O.K. That makes sense.. Thanks.
> How do I stop the hourly MailScanner message that is telling me this
> happened?
> <below>
> 
> Archive:
> 
> Number of messages: 1
> Tries	Message	Last Tried
> =====	=======	==========
> 6	q9B6UwqI024249	Thu Oct 11 02:53:14 2012
> 
I usually have to delete the Processing.db in /var/spool/MailScanner/incoming
Stop MailScanner, delete, and restart... A new one will be created... I'm sure
there is some commandline magic to do this from inside MailScanner, and one of
the smarter people on here will hopefully chime in with it...






More information about the MailScanner mailing list