Not to argue, but just to mention the points that led me to that conclusion. After that e-mail came in at about 4:00 this morning, 3 of my users reported that they received no e-mail until I manually removed that message from the queue and killed the clamd process. Looking at the mail queue, it appears that this was due to clamd consuming all the CPU, so other messages were not able to be scanned.
----------------
Thanks
Jefferson Cowart
[EMAIL PROTECTED]

> -----Original Message-----
> From: Stephen Gran [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 14, 2005 18:48
> To: Jefferson Cowart; [EMAIL PROTECTED]
> Subject: Re: Bug#299469: Tagging
>
> This one time, at band camp, Jefferson Cowart said:
> > As this bug can lead to a DOS condition I'm tagging it as a security
> > bug. (I got bit by this one this morning when this bug was created
> > with the bad message attached.)
>
> I am not sure that's entirely appropriate - it does make the MTA 4xx
> incoming messages if you run out $TMP space, but it doesn't create an
> outright DoS - clamd still runs and processes new requests. It will
> also significantly add to system load, but it is not enough (at least
> here, with a relatively weak machine) to kill it. Essentially all it
> really does is make one thread of the scanner work unnecessarily hard,
> for an unnecessary amount of time (it does seem to eventually finish,
> BTW - it just takes way longer than a reasonable SMTP exchange could be
> expected to wait).
>
> I am not going to argue, though, as I feel it's more important to fix it
> than to waste time debating semantics :)
> --
>  -----------------------------------------------------------------
> |   ,''`.                                          Stephen Gran |
> |  : :' :                                     [EMAIL PROTECTED] |
> |  `. `'                      Debian user, admin, and developer |
> |    `-                                   http://www.debian.org |
>  -----------------------------------------------------------------