From: Peter B. <pet...@ls...> - 2003-04-30 13:04:11
|
Hello all... This is a re-send, as my initial attempt to send this got stuck in the same way described below. After sending this, I will trawl back through the archives, so apologies in advance... I am however trying to diagnose a problem with our main mail server, so I need a 'quick fix'. I'm running amavisd-new (20030314), and Sophos (with SAVI-Perl), NAI uvscan and f-prot (as secondary). I have a message (attached as badmail.txt.gz, grabbed from the /var/amavis/ dir. structure) which just sent the system into a spin... When people complained of 'quiet' email, I noticed two instances of amavisd-new running, both running at 50%, and both stuck in a loop unlinking/rmdir'ing files in /tmp (all 0 bytes with names such as b2599c7a.$$$)... Also in the log, I see: Apr 30 12:55:49 postbox amavis[3874]: (03874-01-46) Checking: <sa...@ho...> -> <Huy...@ls...> Apr 30 12:55:49 postbox amavis[3874]: (03874-01-46) Using Sophos SAVI: (built-in interface) ... and there it 'stops', or rather the amavisd-new process goes into a loop. I eventually just killed the PID, hoping to get the message out of the way... I'd be grateful for any suggestions, as this is essentially a DoS against our system at the moment... the message itself is clearly spam, but also heavily nested. Does amavisd-new eventually kill off the SAVI invocation, or have a mechanism for noticing that it overall has been running for a very very long time (about 1 hour+ when I first noticed the problem starting at 10:58am here)... ? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, Network Support Team. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 |