Hi folks,

This question doesn't seem to have generated much interest on this list, but still it worries me, so I repost ;-)

There's something strange there: I've seen some installations on which the timeout seems to work, and some others (unfortunately, mine...) on which it does not. I can't figure out the reason why this would work on some systems, and not on others, so I wonder if any knowledgeable folk out there could have an idea?

Thanks in advance.

On Monday 17 February 2003 10:23, Michel Bouissou wrote:
> Hi there,
>
> I discovered an annoying problem using qmail-scanner 1.14: Its built-in
> "timeout" protection doesn't work as expected.
>
> Example:
> If you use qmail-scanner along with f-prot 3.12b, and feed it with a
> "mailbomb" in the form of a recursive zip file that f-prot will take
> forever to try decompressing (let's say the old, well-known 42.zip that you
> can get from http://mapage.noos.fr/arboi/42.zip ), then qmail-scanner will
> sit there forever while f-prot will "decompress" the file forever using
> 100% CPU, and no timeout will be detected.
>
> It's only if you manually kill the f-prot process after a long time that
> qmail-scanner will then say "Uh ! Timeout !".
>
> This is problematic, as this renders servers using qmail-scanner vulnerable
> to a DOS-attack just by sending it several mails with "42.zip" attached at
> the same time.
>
> Regards.

-- 
Michel Bouissou <[EMAIL PROTECTED]> OpenPGP ID 0xDDE8AC6E

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
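
The symptom reported above (the timeout is only noticed once the scanner child has exited) does not arise when the parent enforces the deadline itself and kills the child, with a kernel CPU-time cap as a second, independent limit. The following Python example is added here and is not part of the original post or qmail-scanner's own code; run_scanner, its parameters and the stand-in scanner command are hypothetical.

```python
import os
import resource
import signal
import subprocess
import sys


def run_scanner(argv, wall_timeout_s, cpu_limit_s):
    """Run a scanner command under a wall-clock deadline and a CPU-time cap.

    Returns ("finished", exit_code), ("timeout", None) or ("killed", signum).
    """

    def limit_cpu():
        # Runs in the child just before exec. The kernel delivers SIGXCPU at
        # the soft limit and SIGKILL at the hard limit, so a scanner spinning
        # at 100% CPU is stopped even if the parent's own timer never fires.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_limit_s, cpu_limit_s + 1))

    child = subprocess.Popen(
        argv,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        start_new_session=True,  # own process group: helpers can be killed too
        preexec_fn=limit_cpu,
    )
    try:
        code = child.wait(timeout=wall_timeout_s)
    except subprocess.TimeoutExpired:
        # Deadline passed while the child is still running: kill the whole
        # group rather than waiting for the scanner to exit on its own.
        try:
            os.killpg(child.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # the group exited between the timeout and the kill
        child.wait()  # reap, so no zombie is left behind
        return ("timeout", None)
    if code < 0:
        return ("killed", -code)  # terminated by a signal, e.g. SIGXCPU
    return ("finished", code)


if __name__ == "__main__":
    # Constructed stand-in for a scanner stuck decompressing an archive bomb.
    spin = [sys.executable, "-c", "while True: pass"]
    print(run_scanner(spin, wall_timeout_s=2, cpu_limit_s=60))
```

A caller should treat both "timeout" and "killed" as a failed scan, not as a clean result.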