On Fri, 30 Sep 2005, Tom Kistner wrote: > Michael Haardt wrote: > > > I see the potential for an attacker to use 50 headers and a 100 kB body, > > thus generating 50 message files, each a little over 100 kB, and 5 MB > > in total to scan. > > DoS attacks against inline scanners are always easy. You can get the same > effect with the infamous 42.zip file. :)
However they are relatively easy to defend against if you set appropriate resource limits on the scanner's usage of memory, cpu, disk. For example, ClamAV has a setting to limit the permitted expansion ratio of a compressed file, and MailScanner kills off AV scanner sub-processes that run too long. Tony. -- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> http://dotat.at/ ${sg{\N${sg{\ N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\ \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}} -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
