Re: [exim] Exim and Sophos command line AV wrong exit codes?

Top Page
Delete this message
Reply to this message
Author: Mike Tubby
Date:  
To: exim-users
Subject: Re: [exim] Exim and Sophos command line AV wrong exit codes?


On 07/11/2020 16:52, Jeremy Harris via Exim-users wrote:
> On 07/11/2020 16:16, Mike Tubby via Exim-users wrote:
>> Sophos manual for savscan says it returns:
>>
>>         0      If no errors are encountered and no threats are detected.
>>         1      If you interrupt savscan (usually by pressing CRTL+C)
>> or kill the process.
>>         2      If some error preventing further execution is
>> encountered.
>>         3      If threats or virus fragments are detected.
>
> The thing being run via "cmdline" has to return success, meaning a
> value of zero.  Either wrap your savscan in a shellscript to do
> the right thing, or use the "sophie" interface.


Actually, I think I have found two problems:

1. that the return codes from savscan are << 8 which is a PITA but can
be fixed with a wrapper

2. the return value 512 (really 2) is tripping on a password encrypted
ZIP file for which there is no right thing to do:

        a) accept it because we can't decrypt it [might still have a
virus]; or

        b) reject it because we can't decrypt it [might not have a
virus but might be confidential customer data]

    appears to be a loose-loose ;-(

Mike