From a9622bc619b4929c873bb6929fcbdf1fd1f4ffec Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Mon, 14 Jun 2010 18:51:09 +0000 Subject: [PATCH] Clarify that the ACL framework is not invoked for -bmalware, so that using ACL variables in av_scanner blindly will not work. --- doc/doc-docbook/spec.xfpt | 17 ++++++++++------- doc/doc-txt/NewStuff | 4 +++- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 14c1bf8d8..1ec418101 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1,4 +1,4 @@ -. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.87 2010/06/12 15:21:25 jetmore Exp $ +. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.88 2010/06/14 18:51:09 pdp Exp $ . . ///////////////////////////////////////////////////////////////////////////// . This is the primary source of the Exim Manual. It is an xfpt document that is @@ -3184,12 +3184,15 @@ the listening daemon. .cindex "testing", "malware" .cindex "malware scan test" This debugging option causes Exim to scan the given file, -using the malware scanning framework. The option of av_scanner influences -this option, so if av_scanner's value is dependent upon an expansion then -the expansion should have defaults which apply to this invocation. Exim will -have changed working directory before resolving the filename, so using fully -qualified pathnames is advisable. Exim will be running as the Exim user -when it tries to open the file, rather than as the invoking user. +using the malware scanning framework. The option of &%av_scanner%& influences +this option, so if &%av_scanner%&'s value is dependent upon an expansion then +the expansion should have defaults which apply to this invocation. ACLs are +not invoked, so if &%av_scanner%& references an ACL variable then that variable +will never be populated and &%-bmalware%& will fail. + +Exim will have changed working directory before resolving the filename, so +using fully qualified pathnames is advisable. Exim will be running as the Exim +user when it tries to open the file, rather than as the invoking user. This option requires admin privileges. The &%-bmalware%& option will not be extended to be more generally useful, diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index dbf7e8600..a3e3362a4 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.175 2010/06/12 15:21:25 jetmore Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.176 2010/06/14 18:51:10 pdp Exp $ New Features in Exim -------------------- @@ -42,6 +42,8 @@ Version 4.73 takes one parameter, a filename, and scans that file with Exim's malware-scanning framework. This is intended purely as a debugging aid to ensure that Exim's scanning is working, not to replace other tools. + Note that the ACL framework is not invoked, so if av_scanner references + ACL variables without a fallback then this will fail. 5. There is a new expansion operator, "reverse_ip", which will reverse IP addresses; IPv4 into dotted quad, IPv6 into dotted nibble. Examples: -- 2.25.1