Alexander 'Leo' Bergolth wrote: > Hi! > > I am experiencing problems with some spam-mail that causes amavisd to > hang forever. Maybe it has some problems when running spamassassin, at > least in many cases the last debug-output is from spamassassin. However, > when manually feeding the mail to spamassassin, everything works fine. > > Additionally, the following error is output: > > *** glibc detected *** amavisd (ch1-30412-01): free(): invalid next size > (normal): 0x0def2e28 *** > > The corresponding process never recovers and has to be killed with -9. > > The emails that cause the trouble contain a zip file as attachment. > I have saved one of those mails, together with the debug-output of > amavis at the following address: > > http://leo.kloburg.at/tmp/amavis-hang/ > > Since mail delivery stops once all configured amavisd children are in > such a hanging state, I am desperately looking for an advice how to > further track down the bug. > > Additionally I'd appreciate any hints on how to reject those mails in an > early state, so that amavisd won't crash. (Maybe based on the > attachment-name?) > > Thanks, > --leo
Clam has been catching these here as Trojan.Downloader-71014. Here's a postfix mime_header_checks rule to reject mail with an attachment by this name. Caution: this is for temporary use only. It will reject any mail with an attachment named "ecard.zip" without regard to whether it's a virus or not. # postfix main.cf mime_header_checks = pcre:/etc/postfix/mime_header_checks # /etc/postfix/mime_header_checks # note: this is all one line, beware line wrapping ~^Content-(Disposition|Type):\s+.*?(file)?name="?ecard\.zip(\?=)?"?\s*(;|$)~ REJECT possible Trojan.Downloader-71014 worm I can't yet answer why it hangs your (and apparently a few other's) amavisd-new. Details of your OS and software versions may help. -- Noel Jones ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
