Re: [Qmail-scanner-general]Resource limits; zipofdeath and 42.zip

Thu, 28 Aug 2003 23:33:15 +0000 

On Thu, 28 Aug 2003, Mark Simon Powell wrote:

>   42.zip is 42K in size. It will consume vast amounts of cpu time,
> bringing your relay to it's knees unless you apply some sort of cpu
> resource limit. However, then it is simply soft failed and will keep
> retrying and retrying constantly hogging cpu every time qmail scanner
> processes it.

Adding the '--maxfilesize 50' option to uvscan effectively stops
qmail-scanner hanging on 42.zip.

>   With regards to the zipofdeath; Unfortunately our
> /var/qmail/control/databytes is set to over 10MB.  Users want this, but
> this makes us susceptible to this. Anyway, why should I have to set the
> databytes limit abitrarily low just to avoid this? Surely the scanner
> should be able to cope with this?
>   Currently any kind of resource limiting causes unzip/uvscan to fail and
> qmail scanner to cause the file to be held at the remote end and then
> retried again.

Starting external commands from within qmail-scanner as:

my $unzip_binary='/usr/local/bin/softlimit -t 120 -f 51000000 /usr/local/bin/unzip';
my $uvscan_binary='/usr/local/bin/softlimit -t 120 -f 51000000 /usr/local/bin/uvscan 
--maxfilesize 50';

prevents qmail-scanner bringing the system to it's knees on
fileofdeath.zip. However, QS is causing the mail to be retried.
  It seems that it is not taking notice of:

                   $exit_value  = $? >> 8;
                   $signal_num  = $? & 127;
                   $dumped_core = $? & 128;

i.e. when the cpu time limit is reached I'm seeing an exit value of 152 in
the qmail-queue.log and an exit value of 153 when file size limit is
reached. 152 is signal num 24 and 153 is 25:

/usr/include/sys/signal.h:#define       SIGXCPU         24      /* exceeded CPU time 
limit */
/usr/include/sys/signal.h:#define       SIGXFSZ         25      /* exceeded file size 
limit */

  If it could take notice of the signal num and be configured to
quarantine such files with selective notification as with viruses then
we'd be on to a winner.
  Cheers.

-- 
Mark Powell - UNIX System Administrator - The University of Salford
Information Services Division, Clifford Whitworth Building,
Salford University, Manchester, M5 4WT, UK.
Tel: +44 161 295 5936  Fax: +44 161 295 5888  www.pgp.com for PGP key


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to