On Fri, 16 Apr 2004, Kelsey Cummings wrote:

> There are some outside cases where a 4mb message can make some versions of
> clamd consume >gigs< of RAM. It's also decompressing files into RAM so a
> 50 MB message that's compressed 2:1 will take at least 100MB of RAM. Add
> to this the overhead for the scanner's structures and recursion it could
> take a great deal more. Clamd can be DoS'd pretty easily right now. You
> may want to consider tuning it, running something later than .70rc, running
> it under ulimits and adding as much RAM to the server as you can afford or
> will fit.

I suspect that what can be done to Clamav can be done to others as well.
It might be a good idea to take your suggestion about setting ulimits when
calling the virus scanner.

I took a look at mimedefang.pl and found the function run_virus_scanner.
That contains a fragment of a line

    open(SCANNER, "$cmd |")

Now I'm sure there must be some relatively easy way in Perl to get
something opened like this to run with various rlimits set. But I
couldn't find it.

But I think that it would be a good idea to have a configurable variable
which corresponds to a ulimit -m VALUE. That seems like the safest general
solution instead of having to worry about each and every release of each
and every third party program that MD calls.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
Hate spam? Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/
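
The idea discussed above, running the scanner command under resource limits, sketched as an added example that is not part of the original message and is not MIMEDefang code. The helper name run_limited, the limit values and the two stand-in "scanner" commands are assumptions made for illustration.

```shell
#!/bin/sh
# run_limited MAX_VMEM_KB MAX_CPU_SEC COMMAND [ARGS...]
# (hypothetical helper; the limit values used below are illustrative)
# Limits are set inside a subshell, so they bind the command and its
# children only and never change the calling filter process.
run_limited() {
    vmem_kb=$1
    cpu_sec=$2
    shift 2
    (
        # Address-space cap: allocations beyond it fail inside the child.
        # -v is used instead of -m because current Linux kernels do not
        # enforce the resident-set limit that -m sets.
        ulimit -v "$vmem_kb" || exit 125
        # CPU-time cap as a second bound on runaway decompression.
        ulimit -t "$cpu_sec" || exit 125
        exec "$@"
    )
}

# Constructed stand-in for a scanner that inflates its input in RAM:
# doubles a string 25 times (8 bytes -> 256 MiB).
hog() {
    run_limited "$1" 10 sh -c '
        x=aaaaaaaa; i=0
        while [ "$i" -lt 25 ]; do x=$x$x; i=$((i + 1)); done'
}

# Constructed stand-in for a scan that completes and reports on stdout.
small() {
    run_limited "$1" 10 sh -c 'echo "stream: OK"'
}

small 200000
# A non-zero status here means the scan did not complete; the caller should
# treat that as a scan failure, never as a clean result.
hog 200000 2>/dev/null || echo "scanner stand-in failed under the limit, status $?"
```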

