Hello,
ClamAV logs some additional information with certain signature
database types (e.g. the sanesecurity http://www.sanesecurity.co.uk/
signatures):
/var/spool/exim4/scan/1PF6Az-00024G-Av/1PF6Az-00024G-Av.eml: Sanesecurity.Junk.28939.UNOFFICIAL(2eca940c161e3ca16ec4aed1bc918d64:1075) FOUND
This changes the output which exim expects in malware.c:1348, where
only one colon (after the filename) is expected. The $malware_name for
this is set to "1075)" instead of
"Sanesecurity.Junk.28939.UNOFFICIAL(2eca940c161e3ca16ec4aed1bc918d64:1075)"
because strrchr matches to the last colon. Changing strrchr to strchr
in malware.c:1348 should solve this here - any objections from the
list to this fix?
--- src/malware Kopie.c 2009-11-11 11:08:01.000000000 +0100
+++ src/malware.c 2010-11-07 15:55:28.000000000 +0100
@@ -1381,7 +1381,7 @@
if( *p == '\n' ) *p = '\0';
/* colon in returned output? */
- if((p = Ustrrchr(av_buffer,':')) == NULL) {
+ if((p = Ustrchr(av_buffer,':')) == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: clamd: ClamAV returned
malformed result: %s",
av_buffer);
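Review bot: On the changed line "if((p = Ustrchr(av_buffer,':')) == NULL) {", splitting at the first colon is only correct while the file name in front of the signature never contains a colon itself. Please state that assumption in the "colon in returned output?" comment, or skip the known file name before looking for the separator. The hunk header says line 1381 while the message refers to malware.c:1348, and the old file is dated 2009-11-11, so it is also worth confirming which source version the patch was made against.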
Regards,
Aarno
--
Aarno Aukia
Atrila GmbH
Switzerland
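Added example (not part of the original message and not Exim's code): a small stand-alone C parser for the reply line quoted above. It shows what splitting at the last colon and at the first colon each return. It also has a third mode that skips the exact path sent for scanning, so colons in either the path or the signature name do not matter. The function name, the enum and the assumption that the reply starts with the scanned path are illustrative.

```c
#include <stdio.h>
#include <string.h>

enum split { LAST_COLON, FIRST_COLON, KNOWN_PATH };

/* Copy the signature name from a clamd reply "<path>: <name> FOUND" into out.
 * Returns 0 on success, -1 if the line is not a FOUND verdict or is malformed.
 * path is only used by KNOWN_PATH (assumption: the reply echoes that path). */
int clamd_sig_name(const char *line, const char *path, enum split how,
                   char *out, size_t outlen)
{
    static const char verdict[] = " FOUND";
    const size_t vlen = sizeof verdict - 1;
    char buf[512], *p;
    size_t n = strlen(line);

    if (n >= sizeof buf) return -1;
    memcpy(buf, line, n + 1);
    while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\r')) buf[--n] = '\0';
    if (n < vlen || strcmp(buf + n - vlen, verdict) != 0) return -1;
    buf[n - vlen] = '\0';                      /* drop the verdict token */
    if (how == KNOWN_PATH) {                   /* skip the exact path sent */
        size_t plen = path ? strlen(path) : 0;
        if (plen == 0 || strncmp(buf, path, plen) != 0 || buf[plen] != ':')
            return -1;
        p = buf + plen;
    } else {
        p = (how == LAST_COLON) ? strrchr(buf, ':') : strchr(buf, ':');
        if (p == NULL) return -1;
    }
    p++;                                       /* step over the colon */
    while (*p == ' ') p++;
    if (*p == '\0' || strlen(p) >= outlen) return -1;
    strcpy(out, p);
    return 0;
}

int main(void)
{
    /* Reply line quoted in the message above, joined onto one line. */
    const char *reply = "/var/spool/exim4/scan/1PF6Az-00024G-Av/1PF6Az-00024G-Av.eml: "
        "Sanesecurity.Junk.28939.UNOFFICIAL(2eca940c161e3ca16ec4aed1bc918d64:1075) FOUND\n";
    char name[256];
    if (clamd_sig_name(reply, NULL, LAST_COLON, name, sizeof name) == 0)
        printf("last colon : %s\n", name);
    if (clamd_sig_name(reply, NULL, FIRST_COLON, name, sizeof name) == 0)
        printf("first colon: %s\n", name);
    return 0;
}
```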