Fix conversation closedown with the Avast malware scanner. Bug 2113
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 31 Dec 2017 17:40:55 +0000 (17:40 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Thu, 8 Feb 2018 21:20:02 +0000 (21:20 +0000)
doc/doc-txt/ChangeLog
src/src/malware.c
test/scripts/4007_scan_avast/4007
test/stdout/4007

index 8112d4b..b99b818 100644 (file)
@@ -89,6 +89,11 @@ PP/01 Fix broken Heimdal GSSAPI authenticator integration.
       Broken in f2ed27cf5, missing an equals sign for specified-initialisers.
       Broken also in d185889f4, with init system revamp.
 
+JH/17 Bug 2113: Fix conversation closedown with the Avast malware scanner.
+      Previously we abruptly closed the connection after reading a malware-
+      found indication; now we go on to read the "scan ok" response line,
+      and send a quit.
+
 
 Exim version 4.90
 -----------------
index c18cd95..e74ba98 100644 (file)
@@ -1968,15 +1968,17 @@ b_seek:   err = errno;
                    0, 0, ovector, nelem(ovector)) > 0)
                break;
 
-             if ((malware_name = m_pcre_exec(ava_re_virus, buf)))
+             if (  !malware_name
+                && (malware_name = m_pcre_exec(ava_re_virus, buf)))
                { /* remove backslash in front of [whitespace|backslash] */
                uschar * p, * p0;
                for (p = malware_name; *p; ++p)
                  if (*p == '\\' && (isspace(p[1]) || p[1] == '\\'))
                    for (p0 = p; *p0; ++p0) *p0 = p0[1];
 
-               avast_stage = AVA_DONE;
-               goto endloop;
+               DEBUG(D_acl)
+                 debug_printf_indent("unescaped m-name: '%s'\n", malware_name);
+               break;
                }
 
              if (Ustrncmp(buf, "200 SCAN OK", 11) == 0)
@@ -1987,15 +1989,14 @@ b_seek:   err = errno;
                              "unable to send quit request to socket (%s): %s",
                              scanner_options, strerror(errno)),
                              sock);
-               malware_name = NULL;
+
                avast_stage = AVA_DONE;
-               goto endloop;
                }
 
-             /* here for any unexpected response from the scanner */
+             /* here also for any unexpected response from the scanner */
              goto endloop;
 
-           case AVA_DONE:      log_write(0, LOG_PANIC, "%s:%d:%s: should not happen",
+           default:    log_write(0, LOG_PANIC, "%s:%d:%s: should not happen",
                            __FILE__, __LINE__, __FUNCTION__);
            }
          }
index a58188c..0611f2a 100644 (file)
@@ -10,7 +10,7 @@ server DIR/eximdir/avast_sock
 >LF>blah       [+]
 >LF>200 SCAN OK
 <QUIT
-<*eof
+*eof
 ****
 #
 #
@@ -36,7 +36,7 @@ server DIR/eximdir/avast_sock
 >LF>blah       [E]
 >LF>200 SCAN OK
 <QUIT
-<*eof
+*eof
 ****
 #
 #
@@ -62,7 +62,7 @@ server DIR/eximdir/avast_sock
 >LF>b\\ l\\ a\\ h      [L]9.9  9 VNAME
 >LF>200 SCAN OK
 <QUIT
-<*eof
+*eof
 ****
 #
 #
index 19e0f30..603de15 100644 (file)
@@ -66,7 +66,7 @@ Connection request
 >LF>blah\x09[+]
 >LF>200 SCAN OK
 <QUIT
-Unexpected EOF read from client
+Expected EOF read from client
 End of script
 Listening on TESTSUITE/eximdir/avast_sock ... 
 Connection request
@@ -83,7 +83,9 @@ Connection request
 >LF>210 SCAN DATA
 >LF>b\\ l\\ a\\ h\x09[L]9.9\x099 VNAME
 >LF>200 SCAN OK
-Unexpected EOF read from client
+<QUIT
+Expected EOF read from client
+End of script
 Listening on TESTSUITE/eximdir/avast_sock ... 
 Connection request
 *sleep 3