All Emails tagged as {VIRUS}
Warren Hillsdon
warren at scifioz.com
Fri Apr 5 23:21:53 UTC 2019
All,
I had the same issue start last night as well. However it completely stopped any mail – legit or not being delivered. I had to stop the clamav process in order to get mail to flow again.
Apr 6 00:20:56 myhost MailScanner[21622]: AV engine clamav timed out
Apr 6 00:20:56 myhost MailScanner[21622]: clamav: Failed to complete, timed out
Apr 6 00:20:56 myhost MailScanner[21622]: Virus Scanning: Denial Of Service attack detected!
Apr 6 00:20:56 myhost sendmail[22790]: x35DKq9R022790: from=<bounce-31_HTML-579087081-979145-97380-6 at bounce.emailinfo2.bestbuy.com>, size=57707, class=0, nrcpts=1, msgid=<58b9337c-50d9-4551-8d40-c967539868fa at ind1s01mta587.xt.local>, bodytype=8BITMIME,
proto=ESMTPS, daemon=MTA, relay=mta44.emailinfo2.bestbuy.com [136.147.140.129]
Apr 6 00:20:58 myhost MailScanner[22684]: New Batch: Found 6 messages waiting
Apr 6 00:20:58 myhost MailScanner[22684]: New Batch: Scanning 1 messages, 58359 bytes
Apr 6 00:20:59 myhost MailScanner[22684]: Virus and Content Scanning: Starting
Apr 6 00:21:04 myhost MailScanner[21444]: AV engine clamav timed out
Apr 6 00:21:04 myhost MailScanner[21444]: clamav: Failed to complete, timed out
Apr 6 00:21:04 myhost MailScanner[21444]: Virus Scanning: Denial Of Service attack detected!
Running ClamAV 0.101.1-1
Mailscanner v5.0.7
Warren
From: MailScanner <mailscanner-bounces+warren=scifioz.com at lists.mailscanner.info> On Behalf Of Sebastiano Dante Alighieri
Sent: Saturday, 6 April 2019 10:04 AM
To: mailscanner at lists.mailscanner.info
Subject: All Emails tagged as {VIRUS}
Hi,
In the past couple of days my email is all coming in with the subject line tagged as {VIRUS}. This is true for all mail, but of course there's no virus involved.
Mailscanner v5.0.7
ClamAV v0.100.0
ClamAV update process started at Fri Apr 5 18:41:07 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.101.2
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cld is up to date (version: 25410, sigs: 1552552, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
A review of /var/log/maillog suggests that there's a problem with ClamAV
Apr 5 18:31:22 myhost MailScanner[7448]: Virus and Content Scanning: Starting
Apr 5 18:34:23 myhost MailScanner[7448]: AV engine clamav timed out
Apr 5 18:34:23 myhost MailScanner[7448]: clamav: Failed to complete, timed out
Apr 5 18:34:23 myhost MailScanner[7448]: Virus Scanning: Denial Of Service attack detected!
I've tried to observe what is happening on the system, while mail is being scanned and what i can surmise is that clamscan is timing-out (uses 100% CPU)
any pointers would be greatly appreciated. I have not been able to find anything online.
I'll try upgrading to the latest and greatest MailScanner in the mean time.
thanks
Salighie
--
This message has been scanned for viruses and
dangerous content by <http://www.mailscanner.info/> MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20190406/5267c4cc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 26689 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20190406/5267c4cc/attachment.png>
More information about the MailScanner
mailing list