Denial Of Service Attack Messages
Jerry Benton
jerry.benton at mailborder.com
Sun May 29 10:26:05 UTC 2016
With v5.0.2-1 and the Incoming Work User set to clamav (or whatever it is for your system) I have not seen any more failures where a process was killed. I also set work permissions to 0660 and the incoming work group to mtagroup making sure that postfix, clam, etc. users are in the group. I also allow supplementary groups in clamd.conf.
Side note: I am not seen any errors where clam was unable to read the .header for extracted files anymore either.
-
Jerry Benton
www.mailborder.com
> On May 27, 2016, at 11:57 PM, Mark Sapiro <mark at msapiro.net> wrote:
>
> On 05/24/2016 02:27 PM, Steven Jardine wrote:
>> I would say that 25% of the disarm messages were
>>
>> Content Checks: Detected and have disarmed KILLED tags in HTML message...
>>
>> and they produced the Denial Of Service Attack messages.
>>
>> The others look like this:
>>
>> Content Checks: Detected and have disarmed phishing tags in HTML message
>> ...
>
>
> OK, so it fails intermittently, about 25% of the time.
>
>
>> I have no idea why there would be any kind of permission error. If my
>> permissions weren't set right I would be having all kinds of errors, right?
>
>
> I would think so, but the latest v5.0.2-1 version
> <https://www.mailscanner.info/downloads/> has some changes in the
> permissions used for temp work files and may help. I suggest you try
> this one and report what happens with it.
>
> --
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
More information about the MailScanner
mailing list