[exim-dev] [Bug 1549] New: possible endless loop in malware.…

Top Page
Delete this message
Reply to this message
Author: Michael Fischer v Mollard
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 1549] possible endless loop in malware.c with fsecure, [exim-dev] [Bug 1549] possible endless loop in malware.c with fsecure, [exim-dev] [Bug 1549] possible endless loop in malware.c with fsecure
Subject: [exim-dev] [Bug 1549] New: possible endless loop in malware.c with fsecure
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1549
           Summary: possible endless loop in malware.c with fsecure
           Product: Exim
           Version: N/A
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Content Scanning
        AssignedTo: tom@???
        ReportedBy: lists@???
                CC: exim-dev@???



Created an attachment (id=761)
--> (http://bugs.exim.org/attachment.cgi?id=761)
timeout while reading fsavd's answer

Exim can use F-Secure as av_scanner. It uses a Unix socket to send a filename
to fsavd, and then reads with

do{

}
while (Ustrstr(av_buffer, "OK\tScan ok.") == NULL);

the answer. Unfortunately there are sometimes cases, in which fsavd simply
sends 'PING' and expects an answer on the socket. As there is no answer it will
send PING in end endless loop causing exim to loop endless too.

The F-Secure support stated „PING messages are a valid type of reply“ and
did not want to send documentation on the protocol, so second best option is to
force the malware scan to timeout after MALWARE_TIMEOUT. I'll attach a patch
for this. The downside is that the paniclog fills with timeout messages and the
affected messages won't be scanned.

The best solution of course would be to answer the PING request, but this would
require F-Secure to document the protocol.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email