<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='mso-fareast-language:EN-US'>All,<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>I had the same issue start last night as well. However it completely stopped any mail – legit or not being delivered. I had to stop the clamav process in order to get mail to flow again.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:20:56 myhost MailScanner[21622]: AV engine clamav timed out<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:20:56 myhost MailScanner[21622]: clamav: Failed to complete, timed out<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:20:56 myhost MailScanner[21622]: Virus Scanning: Denial Of Service attack detected!<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:20:56 myhost sendmail[22790]: x35DKq9R022790: from=<bounce-31_HTML-579087081-979145-97380-6@bounce.emailinfo2.bestbuy.com>, size=57707, class=0, nrcpts=1, msgid=<58b9337c-50d9-4551-8d40-c967539868fa@ind1s01mta587.xt.local>, bodytype=8BITMIME,<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'> proto=ESMTPS, daemon=MTA, relay=mta44.emailinfo2.bestbuy.com [136.147.140.129]<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:20:58 myhost MailScanner[22684]: New Batch: Found 6 messages waiting<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:20:58 myhost MailScanner[22684]: New Batch: Scanning 1 messages, 58359 bytes<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:20:59 myhost MailScanner[22684]: Virus and Content Scanning: Starting<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:21:04 myhost MailScanner[21444]: AV engine clamav timed out<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:21:04 myhost MailScanner[21444]: clamav: Failed to complete, timed out<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Apr 6 00:21:04 myhost MailScanner[21444]: Virus Scanning: Denial Of Service attack detected!<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Running ClamAV 0.101.1-1<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Mailscanner v5.0.7<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Warren<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> MailScanner <mailscanner-bounces+warren=scifioz.com@lists.mailscanner.info> <b>On Behalf Of </b>Sebastiano Dante Alighieri<br><b>Sent:</b> Saturday, 6 April 2019 10:04 AM<br><b>To:</b> mailscanner@lists.mailscanner.info<br><b>Subject:</b> All Emails tagged as {VIRUS}<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><div><div><div><div><p class=MsoNormal>Hi, <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>In the past couple of days my email is all coming in with the subject line tagged as {VIRUS}. This is true for all mail, but of course there's no virus involved.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Mailscanner v5.0.7<o:p></o:p></p></div><div><p class=MsoNormal>ClamAV v0.100.0<o:p></o:p></p></div></div></div><blockquote style='margin-left:30.0pt;margin-right:0cm'><div><div><div><div><p class=MsoNormal>ClamAV update process started at Fri Apr 5 18:41:07 2019<o:p></o:p></p></div></div></div></div><div><div><div><div><p class=MsoNormal>WARNING: Your ClamAV installation is OUTDATED!<o:p></o:p></p></div></div></div></div><div><div><div><div><p class=MsoNormal>WARNING: Local version: 0.100.0 Recommended version: 0.101.2<o:p></o:p></p></div></div></div></div><div><div><div><div><p class=MsoNormal>DON'T PANIC! Read <a href="https://www.clamav.net/documents/upgrading-clamav">https://www.clamav.net/documents/upgrading-clamav</a><o:p></o:p></p></div></div></div></div><div><div><div><div><p class=MsoNormal>main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)<o:p></o:p></p></div></div></div></div><div><div><div><div><p class=MsoNormal>daily.cld is up to date (version: 25410, sigs: 1552552, f-level: 63, builder: raynman)<o:p></o:p></p></div></div></div></div><div><div><div><div><p class=MsoNormal>bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)<o:p></o:p></p></div></div></div></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>A review of /var/log/maillog suggests that there's a problem with ClamAV<o:p></o:p></p></div></div><blockquote style='margin-left:30.0pt;margin-right:0cm'><div><div><div><p class=MsoNormal>Apr 5 18:31:22 myhost MailScanner[7448]: Virus and Content Scanning: Starting<o:p></o:p></p></div></div></div><div><div><div><p class=MsoNormal>Apr 5 18:34:23 myhost MailScanner[7448]: <b><span style='color:red'>AV engine clamav timed out</span></b><o:p></o:p></p></div></div></div><div><div><div><p class=MsoNormal>Apr 5 18:34:23 myhost MailScanner[7448]: <b><span style='color:red'>clamav: Failed to complete, timed out</span></b><o:p></o:p></p></div></div></div><div><div><div><p class=MsoNormal>Apr 5 18:34:23 myhost MailScanner[7448]: <b><span style='color:red'>Virus Scanning: Denial Of Service attack detected!</span></b><o:p></o:p></p></div></div></div></blockquote><div><div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I've tried to observe what is happening on the system, while mail is being scanned and what i can surmise is that clamscan is timing-out (uses 100% CPU)<o:p></o:p></p></div><div><div><p class=MsoNormal><img border=0 width=494 height=42 style='width:5.1458in;height:.4375in' id="_x0000_i1025" src="cid:image002.png@01D4EC62.1C4D38C0" alt=image.png><o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>any pointers would be greatly appreciated. I have not been able to find anything online.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I'll try upgrading to the latest and greatest MailScanner in the mean time.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>thanks<o:p></o:p></p></div><div><p class=MsoNormal>Salighie<o:p></o:p></p></div></div></div></div></div><p class=MsoNormal><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is <br>believed to be clean. <o:p></o:p></p></div><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body></html>