[Mimedefang] clamd memory leak?
Jeffrey Goldberg
jeffrey at goldmark.org
Fri Apr 16 22:07:01 EDT 2004
On Fri, 16 Apr 2004, Kelsey Cummings wrote:
> There are some outside cases where a 4mb message can make some versions of
> clamd consume >gigs< of RAM. It's also decompressing files into RAM so a
> 50 MB message that's compressed 2:1 will take at least 100MB of RAM. Add
> to this the overhead for the scanner's structures and recursion it could
> take a great deal more. Clamd can be DoS'd pretty easily right now. You
> may want to consider tuning it, running something later than .70rc, running
> it under ulimits and adding as much RAM to the server as you can afford or
> will fit.
I suspect that what can be done to Clamav can be done to others as well.
It might be a good idea to take your suggestion about setting ulimits when
calling the virus scanner.
I took a look a mimedefang.pl and found the function
run_virus_scanner
That contains a fragment of a line
open(SCANNER, "$cmd |")
Now I'm sure there must be some relatively easy way in perl to get
something openned like this to run with various rlimits set. But I
couldn't find it. But I think that it would be a good idea to have a
configurable variable which corresponds to a ulimit -m VALUE.
That seems like the safest general solution instead of having to worry
about each and every release of each and every third party program that MD
calls.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
Hate spam? Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/
More information about the MIMEDefang
mailing list