Re: [exim-dev] cmdline scanner checks pclose() output, this…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Heiko Schlittermann
Data:  
Para: exim-dev
Assunto: Re: [exim-dev] cmdline scanner checks pclose() output, this breaks existing deployments
Heiko Schlittermann <hs@???> (So 30 Nov 2014 23:38:25 CET):
> Hello Jeremy,
>
> in b1f8e4f8ec26ecb99e56a0ed3a5140b65ec95a97 you introduced a check
> for the pclose() return value in the cmdline scanner.
>
> While this is a good idea generally, it may slightly break existing
> deployments. At least one cmdline scanner (avast) uses it's exit code
> to signal that a virus was found.


Using

    av_scanner = cmdline:/bin/scan %s || true:<trigger>:<re>


may work. But since the complete command gets translated to

           popen("/bin/scan %s || true 2>&1", "r")


the above line needs to be:

    av_scanner = cmdline:{ /bin/scan %s || true; }:<trigger>:<re>


which is quite ugly. At least it should find it's way into the spec
that we're using popen() and /bin/sh and that such commands will work.

(I'm not sure about security implications from using popen() and
/bin/sh).

Greetings
--
Heiko