On (2003/11/03 09:23), Tim Jackson wrote:
> Hmm, you're right. Using clamd, this is what Exiscan is actually getting
> back:
>
> $ telnet localhost 3310
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SCAN /tmp/photos.zip
> /tmp/photos.zip: File size limit exceeded. ERROR
>
> > I suspect that exiscan-acl needs to learn to ignore the "File size limit
> > exceeded" message.
>
> The strange thing is that regardless of what the message says, Exiscan
> should be detecting the trailing " ERROR" from the clamd socket as an
> error and doing a tempreject. Or is Exiscan treating ERRORs as "ok"
> instead of "tempreject" these days? This is with rev 12, by the way.
Nope, it's still supposed to return DEFER on ERROR; I wonder if this
isn't an off-by-one error, and we'd catch it if we searched for ERRO.
:-)
if((p = Ustrrchr(av_buffer,':')) == NULL) {
...
}
/* strip filename strip CR at the end */
++p;
while (*p == ' ') ++p;
vname = p;
p = vname + Ustrlen(vname) - 1;
if( *p == '\n' ) *p = '\0';
if ((p = Ustrstr(vname, "FOUND"))!=NULL) {
...
}
else {
if (Ustrstr(vname, "ERROR")!=NULL) {
...
return DEFER;
}
}
Ciao,
Sheldon.
