Re: [exim] DoS attack with nested MIME levels

Author: Marilyn Davis
Date:  
To: exim-users
Subject: Re: [exim] DoS attack with nested MIME levels
>
> Michael Haardt wrote:
> > Hello,
> >
> > out of the blue, I am getting a bunch of mails with a very deep MIME
> > nesting and an "email-info.scr" file inside. Our mailer rejects them,
> > but it takes forever and a day to scan it. The whole thing looks like
> > a mail loop, because the sending MTA encapsulates the message together
> > with the 550 error message from our MTA into a new mail and tries again
> > (that's why the nesting gets so deep). Were this a single host, I'd
> > block it. But I see that from hosts all over the world.
> >
> > Any idea what that crap is?
>
> Nope, but we've had something similar a while ago. The way exim
> (and clam) unpack the mail leaves a bit to be desired. A 9Mb mail
> can use up to 300Mb of disk (or RAM) because of the way it gets
> unpacked. And have parts of it scanned multiple times as a result.


Can anyone suggest a more efficient virus scanner?

Marilyn Davis

>
> Ian
>
> --
> Ian Freislich
>
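
Added example, not part of the original thread and not Exim or ClamAV code: a depth check for the bounce-in-bounce nesting described in the quoted messages, plus a simple model of how much data an unpacker writes when it saves every enclosed message separately. It uses Python's standard `email` package; `MAX_DEPTH`, the function names and the sample mail are assumptions made for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 8  # assumed local policy value, not an Exim or ClamAV default


def build_bounce_chain(levels):
    """Constructed sample: wrap a mail `levels` times, as a bounce loop would."""
    msg = EmailMessage()
    msg["Subject"] = "original"
    msg.set_content("body text\n")
    for n in range(levels):
        outer = EmailMessage()
        outer["Subject"] = f"bounce {n + 1}"
        outer.set_content("550 rejected\n")
        outer.add_attachment(msg)  # stored as a message/rfc822 part
        msg = outer
    return msg.as_bytes()


def nesting_depth(raw, limit=MAX_DEPTH):
    """Return (deepest message/rfc822 level seen, within_limit)."""
    stack = [(message_from_bytes(raw, policy=policy.default), 0)]
    deepest = 0
    while stack:  # explicit stack: no recursion, the walk stops at the limit
        part, depth = stack.pop()
        deepest = max(deepest, depth)
        if depth > limit:
            return deepest, False
        if part.is_multipart():
            step = 1 if part.get_content_type() == "message/rfc822" else 0
            stack.extend((child, depth + step) for child in part.get_payload())
    return deepest, True


def unpacked_bytes(raw):
    """Bytes written if every enclosed message is saved as its own file."""
    root = message_from_bytes(raw, policy=policy.default)
    return sum(len(part.get_payload(0).as_bytes())
               for part in root.walk()
               if part.get_content_type() == "message/rfc822"
               and part.is_multipart())


if __name__ == "__main__":
    raw = build_bounce_chain(12)
    print(len(raw), unpacked_bytes(raw), nesting_depth(raw))
```

Because each enclosed message contains all the ones inside it, the unpacked total grows roughly with the square of the nesting depth, which is why rejecting on depth before content scanning keeps the cost bounded.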