Hi All,
After running a Nessus scan on my ASL [4.021] everything looked ok except for 1 BAD thing...my CPU utilization is now staying at 100%, the ASL seems sluggish, and also here are some of my other findings:
From Nessus report:
smtp (25/tcp) Low
Some antivirus scanners dies when they process an email with a
too long string without line breaks. Such a message was sent. If there is an antivirus on your MTA, it might have crashed.
From ASL:
asl:/root # ps aux | grep av
root 23914 0.0 0.2 2096 904 ? S 14:26 0:00 /bin/bash /sbin/init.d/av-scanner start
root 23915 0.0 0.2 2096 904 ? S 14:26 0:00 /bin/bash /sbin/init.d/av-scanner start
root 23917 0.0 0.2 2256 860 ? S 14:26 0:00 /bin/avsocketmultiplexer /var/chroot-smtp/tmp/AvpCtl /var/chroot-smtp /tmp/AvpCtl
root 23918 0.0 0.2 2256 856 ? S 14:26 0:00 /bin/avsocketmultiplexer /var/chroot-pop3/var/run/AvpCtl /var/chroot-pop3 /tmp/AvpCtl
root 23940 0.0 1.7 7104 6832 ? S 14:26 0:00 ./kavdaemon -Y -dl -WS -F=/usr/lib/kavdaemon/exiscan.prf -T=/var/chroot-mail/smtp/tmp -f=/tmp -* /var
root 13550 0.0 0.2 2260 984 ? S 20:07 0:00 /bin/avsocketmultiplexer /var/chroot-smtp/tmp/AvpCtl /var/chroot-smtp /tmp/AvpCtl
root 13552 78.6 3.1 46124 12184 ? R 20:07 68:50 ./kavdaemon -Y -dl -WS -F=/usr/lib/kavdaemon/exiscan.prf -T=/var/chroot-mail/smtp/tmp -f=/tmp -* /var
root 18662 0.0 0.1 1408 444 pts/0 S 21:34 0:00 grep av
You can see that the 13552 process has been actively running 68 minutes using 78% of the CPU! In the webadmin it is showing 99% total CPU utilization. I ran the Nessus scan in non-safe and enabled all of the plugins. I am using the SMTP proxy and have the AV turned on. The system is a 350MHz machine with over 300MB of RAM and an 8GB HDD. I am now unable to receive any mail! I can still telnet to the ASL mail port from the outside and here is what I am getting:
220 mail.xxxx.org ESMTP ready.
250-mail.xxxx.org Hello disrv [w.x.y.z]
250-SIZE 41943040
250-PIPELINING
250-STARTTLS
250 HELP
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
451 Error while writing spool file
(My input is not echoed)
The 451 occures after sending the "."
After turning off the SMTP AV checking the CPU utilization went down but I could still not send an e-mail through via telnet, but with a different error:
220 asl.xxxx.org ESMTP Exim 4.22 Thu, 11 Mar 2004 22:11:31 -0500
250-asl.xxxx.org Hello disrv [w.x.y.z]
250-SIZE 52428800
250-PIPELINING
250 HELP
250 OK
550 Administrative prohibition
(again, my input not echoed)
The 550 came after the RCPT TO: xxxxx@mydomain.org
After restarting the SMTP proxy I could telnet into the ASL from the outside and sucessfuly send a mail:
220 mail.xxxx.org ESMTP ready.
250-mail.xxxx.org Hello disrv [w.x.y.z]
250-SIZE 41943040
250-PIPELINING
250-STARTTLS
250 HELP
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
250 OK id=1B1dDp-00018H-8i
221 mail.xxxx.org closing connection
I will try duplicating and let you know the results.
This thread was automatically locked due to age.
