Re: [exim] Clamav disabling and problems

Góra strony
Delete this message
Reply to this message
Autor: Leonardo Boselli
Data:  
Dla: exim-users
Temat: Re: [exim] Clamav disabling and problems
On Wed, 3 Oct 2007, Leonardo Boselli wrote:
> I just did a security updete on debian etch, getting the most recent clamav
> version on 29 september.
> I saw yesterday thet now clamav is detting all the cpu it can get, but at the
> sametime is slooow .


Important NEWS: my problem was not in clamav.
the story is quite hilarious.
On the server there were a program that get email sent to a centain
address, filter them and then store the attachments in a
secured web accessible directory notifying the sender of the fact (and
telling him/her what is the url to retrieve it).
This is used to allow people to use it as a billboard avoiding them to
send long attachments to many people.
It happened that one spammer sent a message tho this particular address
using the same as sender address. So the program duly sent the reply to
the sender ... er ... to itself.
This reply of course triggered a new reply and so on ....
actually all of these messages passed throught clamav and since they were
internal i did not noticed them . the only symoptom was just that clamav
was overloaded and so it was too much slow the reply,
I just found it when i noticed the log of the billboard program grow
anomalously and looked into it !!

Question: is easy to put a list of "usernames" so the system would refuse
to deliver an e-mail when _both_ sender and adreesse are on the
yellow-list (including being the same thing) ?