Author: Mike Tubby Date: To: exim-users Subject: Re: [exim] Exim and Sophos command line AV wrong exit codes?
On 07/11/2020 16:52, Jeremy Harris via Exim-users wrote: > On 07/11/2020 16:16, Mike Tubby via Exim-users wrote:
>> Sophos manual for savscan says it returns:
>>
>> 0 If no errors are encountered and no threats are detected.
>> 1 If you interrupt savscan (usually by pressing CRTL+C)
>> or kill the process.
>> 2 If some error preventing further execution is
>> encountered.
>> 3 If threats or virus fragments are detected.
>
> The thing being run via "cmdline" has to return success, meaning a
> value of zero. Either wrap your savscan in a shellscript to do
> the right thing, or use the "sophie" interface.
Actually, I think I have found two problems:
1. that the return codes from savscan are << 8 which is a PITA but can
be fixed with a wrapper
2. the return value 512 (really 2) is tripping on a password encrypted
ZIP file for which there is no right thing to do:
a) accept it because we can't decrypt it [might still have a
virus]; or
b) reject it because we can't decrypt it [might not have a
virus but might be confidential customer data]