Re: [exim] MIME question

Página Inicial
Delete this message
Reply to this message
Autor: Tony Finch
Data:  
Para: Tom Kistner
CC: exim-users, Michael Haardt
Assunto: Re: [exim] MIME question
On Fri, 30 Sep 2005, Tom Kistner wrote:
> Michael Haardt wrote:
>
> > I see the potential for an attacker to use 50 headers and a 100 kB body,
> > thus generating 50 message files, each a little over 100 kB, and 5 MB
> > in total to scan.
>
> DoS attacks against inline scanners are always easy. You can get the same
> effect with the infamous 42.zip file. :)


However they are relatively easy to defend against if you set appropriate
resource limits on the scanner's usage of memory, cpu, disk. For example,
ClamAV has a setting to limit the permitted expansion ratio of a
compressed file, and MailScanner kills off AV scanner sub-processes that
run too long.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}