On Mon, Aug 25, 2003 at 07:15:59AM -0600, Sancho2k.net Lists wrote:
> I guess what I'm asking is could an attacker bring down the system by 
> forcing resource-intensive content through the AV scanner?

Well of course - they always could. This has nothing to do with Q-S - it
affects everything you run (Qmail itself, Web servers, DNS servers, etc).

There is no way to stop DoS attacks  - only mitigate them. 

As far as Q-S is concerned, you need to size your solution to match the
environment it runs under. If that environment suddenly burst way above your
limits, then Q-S will behave poorly - just as any other product would. 

However, don't forget that tcpserver is your friend: you're supposed to be
using it to ensure that no more than the max load you are willing to support
is possible at any moment in time. 

Also you are making  the  assumption that Q-S is a problem: whereas the
reality is that most DoS issues to do with virus scanning will come from the
commercial AV products you run - not Q-S. Over the years I have seen several
commercial AV products pull the system down under load due to bugs they
contained... :-)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Qmail-scanner-announce mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-announce


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to