[24427] in bugtraq
Re: Anti Virus Mailscanners DOS
daemon@ATHENA.MIT.EDU (Jedi/Sector One)
Tue Feb 26 19:40:14 2002
Date: Tue, 26 Feb 2002 07:25:25 +0100
From: Jedi/Sector One <j@pureftpd.org>
To: "Eduardo R. Maciel" <maciel@inetd.com.br>
Cc: bugtraq@securityfocus.com, vuldb@securityfocus.com,
Renato LinuxSecurity <renato@linuxsecurity.com.br>
Message-ID: <20020226062547.GA27992@c9x.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020225162902.2279bf0d.maciel@inetd.com.br>
On Mon, Feb 25, 2002 at 04:29:02PM -0300, Eduardo R. Maciel wrote:
> An antivirus mailscanner should check the filesizes inside a compressed file like .tar.gz, .zip, .bz2, etc, BEFORE open the file for scanning.
> Sending several mails with these compressed files may let a machine out of memory or disk space.
> The mailscanner should check the filesizes inside a compressed file.
A better approach is just to set proper process limits before spawning the
antivirus checker.
You can achieve this with softlimits (from daemontools), or with a simple
script using standard shell facilities (limit/ulimit) .
It doesn't require any change to your antivirus software.
--
__ /*- Frank DENIS (Jedi/Sector One) <j@42-Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
