Thank you for your info.
I am apt to conclude that this is a "false positive", but clamav-0.98.1 does not
yield "high threat" warnings under the same scan conditions:
NVT: SMTP antivirus scanner DoS
OID: 1.3.6.1.4.1.25623.1.0.11036
Threat: Log (CVSS: 7.2)
Port: smtp (25/tcp)
submission (587/tcp)
For some reason, we could not send the 42.zip file to this MTA
Vulnerability Detection Method:
Details:
SMTP antivirus scanner DoS
(OID: 1.3.6.1.4.1.25623.1.0.11036)
I wish some expert could account for this difference before the "false
positive" conclusion.
On Sat, 24 May 2014, Greg Folkert wrote:
If this is like other "assumption based" Vulnerability scanning engines
(Rapid7 and Nessus and others)...
This is a return that is classified as a False Positive, since you've
proven that it isn't doing what it thinks it is doing.
If your scanner works as expected and not as described, then you can
file a false positive determination with your scanning vendor.
On Sat, 2014-05-24 at 21:42 +0800, anc...@gmail.com wrote:
Yes. After each modification, I ran "killall -HUP -e clamd" to restart clamd.
The scan report reads:
NVT: SMTP antivirus scanner DoS
OID: 1.3.6.1.4.1.25623.1.0.11036
Threat: High (CVSS: 7.2)
Port: smtp (25/tcp)
submission (587/tcp)
The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it
might have crashed. Please check its status right now, as it is
not possible to do so remotely
Vulnerability Detection Method:
Details:
SMTP antivirus scanner DoS
(OID: 1.3.6.1.4.1.25623.1.0.11036)
but both clamav-milter and clamd were still working well.
On Fri, 23 May 2014, Matus UHLAR - fantomas wrote:
On 23.05.14 11:50, anctop wrote:
I've tried to change the value of "MaxRecursion" in clamd.conf to 4
and 44 respectively, but both experiments yield the same result.
Did you reload/restart clamd afterwards? What was the result?
Can it be a problem with the MTA ?
I can't tell you without the information above
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
--
greg folkert - systems administration and support
web: donor.com
email: g...@donor.com
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"All sweeping assertions are erroneous."
-- Letitia Elizabeth Landon