Re: [Exim] ClamAV + exiscan missing virus

Top Page
Delete this message
Reply to this message
Author: Sheldon Hearn
Date:  
To: Tim Jackson
CC: exim-users, exiscanusers
Subject: Re: [Exim] ClamAV + exiscan missing virus
On (2003/11/03 09:23), Tim Jackson wrote:

> Hmm, you're right. Using clamd, this is what Exiscan is actually getting
> back:
>
> $ telnet localhost 3310
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SCAN /tmp/photos.zip
> /tmp/photos.zip: File size limit exceeded. ERROR
>
> > I suspect that exiscan-acl needs to learn to ignore the "File size limit
> > exceeded" message.
>
> The strange thing is that regardless of what the message says, Exiscan
> should be detecting the trailing " ERROR" from the clamd socket as an
> error and doing a tempreject. Or is Exiscan treating ERRORs as "ok"
> instead of "tempreject" these days? This is with rev 12, by the way.


Nope, it's still supposed to return DEFER on ERROR; I wonder if this
isn't an off-by-one error, and we'd catch it if we searched for ERRO.
:-)

    if((p = Ustrrchr(av_buffer,':')) == NULL) {
        ...
    }


    /* strip filename strip CR at the end */
    ++p;
    while (*p == ' ') ++p;
    vname = p;
    p = vname + Ustrlen(vname) - 1;
    if( *p == '\n' ) *p = '\0';


    if ((p = Ustrstr(vname, "FOUND"))!=NULL) {
        ...
    }
    else {
        if (Ustrstr(vname, "ERROR")!=NULL) {
            ...
            return DEFER;
        }
    }


Ciao,
Sheldon.