Been getting a whole lot of these lately

Fri Aug 30 11:37:39 UTC 2019

Today when this happened the system didn't run out of memory but got got 
close
to running out of memory. So seems these "Denial of Service attacks" are
eating alot of memory.

On 2019-08-30 13:26, Maarten wrote:
> I have been getting a whole lot of these lately:
> 
> Aug 26 21:11:03 supernova MailScanner[3972]: Virus Scanning: Denial Of
> Service attack is in message 7020BA9E8.A8534
> Aug 26 21:11:03 supernova MailScanner[4748]: Virus Scanning: Denial Of
> Service attack is in message F2872186B5.A74A0
> Aug 26 21:11:03 supernova MailScanner[4227]: Virus Scanning: Denial Of
> Service attack is in message B4FC0A9E3.A9C74
> Aug 26 21:11:04 supernova MailScanner[4449]: Virus Scanning: Denial Of
> Service attack is in message 8CFA787BA.A87FA
> Aug 26 21:11:05 supernova MailScanner[3558]: Virus Scanning: Denial Of
> Service attack is in message 081851F362.A77AF
> Aug 26 21:16:34 supernova MailScanner[4748]: Virus Scanning: Denial Of
> Service attack is in message 8E3B1A9ED.AAB0A
> Aug 26 21:16:34 supernova MailScanner[4227]: Virus Scanning: Denial Of
> Service attack is in message 0093146B0.A4AC3
> Aug 26 21:16:34 supernova MailScanner[3972]: Virus Scanning: Denial Of
> Service attack is in message C0378A9E9.A88CD
> Aug 26 21:16:34 supernova MailScanner[4449]: Virus Scanning: Denial Of
> Service attack is in message 4F7847DD3.A71ED
> Aug 26 21:26:41 supernova MailScanner[3972]: Virus Scanning: Denial Of
> Service attack is in message 32A5FA9E7.AB984
> Aug 26 21:26:44 supernova MailScanner[4449]: Virus Scanning: Denial Of
> Service attack is in message 1D0521878A.A6398
> Aug 26 21:26:51 supernova MailScanner[4748]: Virus Scanning: Denial Of
> Service attack is in message E84D4A9E1.A828D
> Aug 26 21:32:08 supernova MailScanner[4449]: Virus Scanning: Denial Of
> Service attack is in message 2192F87A8.A7EF2
> Aug 26 21:32:09 supernova MailScanner[3972]: Virus Scanning: Denial Of
> Service attack is in message 0119DA9E2.A7498
> Aug 26 21:32:10 supernova MailScanner[4748]: Virus Scanning: Denial Of
> Service attack is in message D3CACA9EC.AA2B8
> Aug 26 21:38:10 supernova MailScanner[4748]: Virus Scanning: Denial Of
> Service attack is in message 4669E622A.A7B30
> Aug 26 21:38:10 supernova MailScanner[4449]: Virus Scanning: Denial Of
> Service attack is in message 7CD3D20377.A7366
> Aug 30 12:56:38 supernova MailScanner[17638]: Virus Scanning: Denial
> Of Service attack is in message E709B20EE3.AF891
> Aug 30 12:56:45 supernova MailScanner[17814]: Virus Scanning: Denial
> Of Service attack is in message 40E2C20F00.A0394
> Aug 30 12:56:50 supernova MailScanner[13313]: Virus Scanning: Denial
> Of Service attack is in message 7ADFC20377.A10DA
> Aug 30 12:56:51 supernova MailScanner[2564]: Virus Scanning: Denial Of
> Service attack is in message CE27B20F08.A07E2
> Aug 30 12:56:55 supernova MailScanner[30687]: Virus Scanning: Denial
> Of Service attack is in message 165002036A.A3DB9
> 
> When the "Subject: Virus Detected" message arrives I see they are
> mostly system mails one of my services, however also
> happened to several emails from a list. When this happens I see that
> the system has run out of memory and is killing
> processes. After I reboot the system everything is fine again, it's my
> vps for personal usage so not very heavily used.
> It's got 5G ram and 1 vCPU so that should be more any enough for low
> volume usage. I have never had any problems in
> the past. Only recently updated from SL7.6 to SL7.7, must be something
> in that update causing problems. Anyone else
> been having any problems with getting Denial of Service Attach 
> messages?
> 
> Also does anyone know if these selinux contexts have to be allowed for
> MailScanner to function properly?
> 
> #============= mscan_t ==============
> allow mscan_t antivirus_t:process signal;
> allow mscan_t sysfs_t:dir read; --> Don't see why MailScanner is
> trying to read something in sysfs