Denial Of Service Attack Messages

Jerry Benton jerry.benton at mailborder.com
Sun May 29 10:26:05 UTC 2016


With v5.0.2-1 and the Incoming Work User set to clamav (or whatever it is for your system) I have not seen any more failures where a process was killed. I also set work permissions to 0660 and the incoming work group to mtagroup making sure that postfix, clam, etc. users are in the group. I also allow supplementary groups in clamd.conf.

Side note: I am not seen any errors where clam was unable to read the .header for extracted files anymore either. 



-
Jerry Benton
www.mailborder.com



> On May 27, 2016, at 11:57 PM, Mark Sapiro <mark at msapiro.net> wrote:
> 
> On 05/24/2016 02:27 PM, Steven Jardine wrote:
>> I would say that 25% of the disarm messages were
>> 
>> Content Checks: Detected and have disarmed KILLED tags in HTML message...
>> 
>> and they produced the Denial Of Service Attack messages.
>> 
>> The others look like this:
>> 
>> Content Checks: Detected and have disarmed phishing tags in HTML message
>> ...
> 
> 
> OK, so it fails intermittently, about 25% of the time.
> 
> 
>> I have no idea why there would be any kind of permission error.  If my
>> permissions weren't set right I would be having all kinds of errors, right?
> 
> 
> I would think so, but the latest v5.0.2-1 version
> <https://www.mailscanner.info/downloads/> has some changes in the
> permissions used for temp work files and may help. I suggest you try
> this one and report what happens with it.
> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 



More information about the MailScanner mailing list