[exim] exiscan: handle drwebd errors

Author: Pavel Gulchouck
Date:
To: tom
CC: exim-users
Old-Topics: Re: [exim] exiscan: clamd at a remote host
Subject: [exim] exiscan: handle drwebd errors

On Tue, Sep 07, 2004 at 10:59:24AM +0300, Pavel Gulchouck writes:

PG> My tests show that malware returns ok (not defer) when drwebd returns
PG> "read error" (drwebdc says "Results: daemon return code 0x1 (read error)").


Here's the proposed patch:

--- malware.c.orig    2004-09-06 17:38:02.000000000 +0300
+++ malware.c    2004-09-07 14:11:45.949867405 +0300
@@ -26,4 +26,9 @@
 #define DRWEBD_IS_MAIL              (1<<19)  /* say to daemon that format is "archive MAIL" */


+#define DERR_READ_ERR               (1<<0)   /* read error */
+#define DERR_NOMEMORY               (1<<2)   /* no memory */
+#define DERR_TIMEOUT                (1<<9)   /* scan timeout has run out */
+#define DERR_BAD_CALL               (1<<15)  /* wrong command */
+
 /* Routine to check whether a system is big- or litte-endian. 
    Ripped from http://www.faqs.org/faqs/graphics/fileformats-faq/part4/section-7.html
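
Review bot: the four new DERR_* defines have no comment saying they are bits of the drwebd daemon return code, and they sit directly under DRWEBD_IS_MAIL, which is a flag sent to the daemon, so the two families are easy to confuse. Add a one-line heading comment above DERR_READ_ERR. The comment in the second hunk also names DERR_SYMLINK, DERR_CRC_ERROR, DERR_READSOCKET and others that are not defined here; defining them alongside these four, even if unused, would let a reader look up their values.
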
@@ -369,4 +374,20 @@
           }
           else {
+            char *drweb_s = NULL;
+
+            if (drweb_rc & DERR_READ_ERR) drweb_s = "read error";
+            if (drweb_rc & DERR_NOMEMORY) drweb_s = "no memory";
+            if (drweb_rc & DERR_TIMEOUT)  drweb_s = "timeout";
+            if (drweb_rc & DERR_BAD_CALL) drweb_s = "wrong command";
+            /* retcodes DERR_SYMLINK, DERR_NO_REGFILE, DERR_SKIPPED.
+             * DERR_TOO_BIG, DERR_TOO_COMPRESSED, DERR_SPAM,
+             * DERR_CRC_ERROR, DERR_READSOCKET, DERR_WRITE_ERR
+             * and others are ignored */
+            if (drweb_s) {
+                  log_write(0, LOG_MAIN|LOG_PANIC,
+                      "malware acl condition: drweb: drweb daemon retcode 0x%x (%s)", drweb_rc, drweb_s);
+                close(sock);
+                  return DEFER;
+            }
               /* no virus found */
               malware_name = NULL;
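
Review bot: in the else branch, every return code not matched by the four tests still reaches the "no virus found" line, including the DERR_CRC_ERROR, DERR_READSOCKET and DERR_WRITE_ERR cases the comment lists as ignored, so a scan that failed in one of those ways is still reported as clean. Consider returning DEFER for those as well, or stating in the comment why each one is safe to ignore. Two smaller points: the four if statements are not chained, so when several bits are set only the last matching string is logged (the hex value in the log line is still complete), and close(sock) is indented differently from the log_write and return lines around it. drweb_s only ever points at string literals, so it could be declared const char *.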


-- 
                                Lucky carrier,
                                                  Pavel.