On Mon, Aug 25, 2003 at 07:15:59AM -0600, Sancho2k.net Lists wrote: > I guess what I'm asking is could an attacker bring down the system by > forcing resource-intensive content through the AV scanner?
Well of course - they always could. This has nothing to do with Q-S - it affects everything you run (Qmail itself, Web servers, DNS servers, etc). There is no way to stop DoS attacks - only mitigate them. As far as Q-S is concerned, you need to size your solution to match the environment it runs under. If that environment suddenly burst way above your limits, then Q-S will behave poorly - just as any other product would. However, don't forget that tcpserver is your friend: you're supposed to be using it to ensure that no more than the max load you are willing to support is possible at any moment in time. Also you are making the assumption that Q-S is a problem: whereas the reality is that most DoS issues to do with virus scanning will come from the commercial AV products you run - not Q-S. Over the years I have seen several commercial AV products pull the system down under load due to bugs they contained... :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Qmail-scanner-announce mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-announce ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general