MailScanner marks messages as DOS attact

Mark Sapiro mark at
Sat Mar 22 17:52:25 GMT 2014

On 03/22/2014 10:12 AM, simon at wrote:
> after more investigation i realized the following..
> many of the users have subscribed to google groups ..
> now when a email is received from a user who belongs to the same group as
> our users belong maybe about 15 to 20 messages are marked clean ..
> subsequent messages are being marked with RED and the details page shows
> denial of service attack.
> Also the System becomes very slow as MailScanner consumes the entire CPU
> and also the outgoin email takes long time to reach the recipent.
> it remains in the incomming queue for a long time.. maybe 10 to 15 min at
> times

I'm not sure what the underlying issue is in this case, but looking at
the code I think that the DOS attack is raised when one of your virus
scanners times out on a message. You might try looking at logs to see if
you can determine why this happens.

As a workaround, you could establish a "Virus Scanning" ruleset to skip
virus scanning for these messages. See

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list