ClamScan DOS Attack :(

cgountanis
Normal user
Posts: 105
Joined: 2005-07-01 00:54
Location: USA

ClamScan DOS Attack :(

Post by cgountanis » 2005-07-15 02:23

I found a problem for people running clamscan and hMailServer. When you slam the SMTP server with viruses, clamscan takes about 4MB per process and loads the task manager with clamscan.exe. I have a screenshot but can't attach it here. It took about 28% CPU of a DUAL XEON 3.0 server for 5 minutes.

I hit this site: http://www.aleph-tec.com/eicar/index.php and slammed it with refreshes. Server didn't crash but damn that's scary!!! What to do?

bruns
New user
Posts: 6
Joined: 2005-07-10 02:00
Location: NJ, USA

Re: ClamScan DOS Attack :(

Post by bruns » 2005-07-15 02:54

cgountanis wrote:
> I found a problem for people running clamscan and hMailServer. When you slam the SMTP server with viruses, clamscan takes about 4MB per process and loads the task manager with clamscan.exe. I have a screenshot but can't attach it here. It took about 28% CPU of a DUAL XEON 3.0 server for 5 minutes.
>
> I hit this site: http://www.aleph-tec.com/eicar/index.php and slammed it with refreshes. Server didn't crash but damn that's scary!!! What to do?

There is no way to 'fix' this. If you need to be doing high performance scanning, it's best to use clamdscan with clamd, as it loads the engine once then passes the data to the engine without needing to load the engine each time.

This is not a DoS. It's a fact of how it works. The memory usage is not something I can change either - Cygwin is top heavy as it needs to support all the functionality that Linux/UNIX provides on Windows (which tends to be lacking badly).

If you really need ClamAV running at its best speed possible, your best bet is to run Linux/UNIX, since that is the native platform it runs on.

We may be able to boost performance once it's ported natively to Windows, however that takes time and money to do (neither of which the SOSDG can afford right now, as we've got a dozen upgrades going on to our equipment, and our massive deployment of a new network). However, we are constantly making tweaks and changes to alleviate issues with ClamAV when possible.
Brielle Bruns
The Summit Open Source Development Group
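
The clamd approach recommended in the reply above, shown as an added example that is not part of the thread and is not hMailServer or ClamAV code: a minimal Python client that hands a message to an already running clamd over its INSTREAM command (as found in current ClamAV releases), so no scanner process or engine load happens per message. The host, TCP port 3310 and chunk size are assumptions about the local clamd configuration.

```python
import socket
import struct

CHUNK = 8192  # assumed chunk size; total data must stay under clamd's StreamMaxLength

def instream_frames(data, chunk=CHUNK):
    """Yield the byte frames of one INSTREAM request for `data`."""
    yield b"zINSTREAM\0"                           # 'z' prefix: NUL-terminated command
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        yield struct.pack("!I", len(part)) + part  # 4-byte big-endian length, then data
    yield struct.pack("!I", 0)                     # zero-length chunk ends the stream

def parse_reply(reply):
    """Map a clamd reply to (infected, signature_name)."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    if text.endswith(" FOUND"):
        return True, text.partition(": ")[2][:-len(" FOUND")]
    if text.endswith(" OK"):
        return False, None
    # Covers "... ERROR" replies (e.g. size limit exceeded) and empty replies.
    raise RuntimeError("clamd reported an error: " + text)

def scan_on_socket(sock, data):
    """Send `data` over an already connected socket and read the verdict."""
    for frame in instream_frames(data):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:          # daemon closed the connection
            break
        reply += part
    return parse_reply(reply)

def scan(data, host="127.0.0.1", port=3310, timeout=30):
    """Scan bytes with a running clamd; host and port are assumptions."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return scan_on_socket(sock, data)
```

Treat a `RuntimeError` or socket timeout as a scan failure to be handled by policy (defer or reject the message) rather than as a clean result.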

cgountanis
Normal user
Posts: 105
Joined: 2005-07-01 00:54
Location: USA

Post by cgountanis » 2005-07-15 04:17

thank you

cgountanis
Normal user
Posts: 105
Joined: 2005-07-01 00:54
Location: USA

Post by cgountanis » 2005-07-15 11:24

