'Re: [AMaViS-user] preserved tempdirs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       amavis-user
Subject:    Re: [AMaViS-user] preserved tempdirs
From:       Alexander Bergolth <leo () strike ! wu-wien ! ac ! at>
Date:       2007-11-26 10:13:28
Message-ID: 474A9C48.4060100 () strike ! wu-wien ! ac ! at
[Download RAW message or body]

On 11/26/2007 10:32 AM, Leon Kolchinsky wrote:
>> Yesterday I ran into a problem that might also bring other amavis users
>> into trouble:
>>
>> Mailbombs containing special attachments caused clamav to get into
>> trouble. It became very slow on scanning those attachments, so amavisd
>> killed it after it reached the timeout. In my case (pre-queue-setup), it
>> caused the mail to be rejected with a 451 temporary error. The bad thing
>> is that amavisd didn't remove the temporary directory ("PRESERVING
>> EVIDENCE ..."), in some cases containing more than 100 MB of unpacked
>> files.

> You may try this as a cronjob:
> 
> * */2 * * * /bin/bash -c "(find /var/spool/amavis -type d -name 'amavis-*'
> -prune -mmin +120 -exec rm -rf {} \;)"

Yes, of course. In fact I do have similar cron-job (using tmpwatch).

But
1) disk space might be filled up in much less then two hours when a real
DOS-attack is launched (yes, I could shorten the interval of course)

2) I'd prefer to use amavisd's already built-in routines instead of
doing asynchronous cleanup afterwards.

I believe that assuring proper operation should be a higher goal than
trying to conserve traces for forensic analysis. (Actually using a
configurable cleanup-goal, you can have both.)

Cheers,
--leo
-- 
e-mail   ::: Alexander.Bergolth (at) wu-wien.ac.at
fax      ::: +43-1-31336-906050
location ::: Computer Center | Vienna University of Economics | Austria


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic