author | Andrew Colin Kissa <andrew@topdog.za.net> | 2017-03-12 19:14:47 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-03-12 19:14:47 +0000 |
commit | 71b32d412ac4792ca5e8d4a697afddb46c407bd9 (patch) | |
tree | e69ba0ceada72514eda7e058a7d73fd3e26b0264 /test | |
parent | ea0d0cfba5fa9267c0f82af617f2094bc7545745 (diff) |
Malware: new connection type "f-prot6d" for FPSCAND protocol over TCP
Diffstat (limited to 'test')
-rw-r--r-- | test/confs/4011 | 29 | ||||
-rw-r--r-- | test/log/4011 | 11 | ||||
-rw-r--r-- | test/paniclog/4011 | 2 | ||||
-rw-r--r-- | test/rejectlog/4011 | 24 | ||||
-rw-r--r-- | test/scripts/4000-scanning/4011 | 88 | ||||
-rw-r--r-- | test/stderr/4011 | 2 | ||||
-rw-r--r-- | test/stdout/4011 | 68 |
7 files changed, 224 insertions, 0 deletions
diff --git a/test/confs/4011 b/test/confs/4011
new file mode 100644
index 000000000..7be64dc6d
--- /dev/null
+++ b/test/confs/4011
@@ -0,0 +1,29 @@
+# Exim test configuration 4011
+# Content-scan: f-prot6d interface
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+av_scanner = f-prot6d : localhost4 PORT_S
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_data = c_data
+
+begin acl
+
+c_data:
+ accept !malware = * OPT
+ deny logwrite = $callout_address malware_name $malware_name
+
+# ----- Routers -----
+
+begin routers
+
+r:
+ driver = redirect
+ data = :blackhole:
+
+# End
diff --git a/test/log/4011 b/test/log/4011
new file mode 100644
index 000000000..48f0f886c
--- /dev/null
+++ b/test/log/4011
@@ -0,0 +1,11 @@
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <userx@test.ex> R=r
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 [127.0.0.1]:1111 malware_name EICAR_Test_File
+1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> rejected after DATA
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected after DATA
+1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <userx@test.ex> R=r
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
diff --git a/test/paniclog/4011 b/test/paniclog/4011
new file mode 100644
index 000000000..73c3c0111
--- /dev/null
+++ b/test/paniclog/4011
@@ -0,0 +1,2 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
diff --git a/test/rejectlog/4011 b/test/rejectlog/4011
new file mode 100644
index 000000000..adeded6fb
--- /dev/null
+++ b/test/rejectlog/4011
@@ -0,0 +1,24 @@
+1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> rejected after DATA
+Envelope-from: <CALLER@myhost.test.ex>
+Envelope-to: <userx@test.ex>
+P Received: from CALLER (helo=test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
+ Subject: message should be rejected
+I Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+F From: CALLER_NAME <CALLER@myhost.test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected after DATA
+Envelope-from: <CALLER@myhost.test.ex>
+Envelope-to: <userx@test.ex>
+P Received: from CALLER (helo=test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
+ Subject: message should be deferred due to timeout
+I Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+F From: CALLER_NAME <CALLER@myhost.test.ex>
diff --git a/test/scripts/4000-scanning/4011 b/test/scripts/4000-scanning/4011
new file mode 100644
index 000000000..20e6ab2b8
--- /dev/null
+++ b/test/scripts/4000-scanning/4011
@@ -0,0 +1,88 @@
+# content scan interface: f-prot6d
+need_ipv4
+munge loopback
+#
+server PORT_S
+<SCAN FILE
+>0 <clean>
+>*eof
+****
+#
+#
+#
+exim -odi -bs -DOPT=
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be accepted
+
+.
+quit
+****
+#
+#
+#
+server PORT_S
+<SCAN FILE
+>0 <infected: EICAR_Test_File> DIR/spool/scan/1clxBT-0003I9-8y/1clxBT-0003I9-8y.eml
+>*eof
+****
+#
+#
+#
+exim -odi -bs -DOPT=
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be rejected
+
+due to the server response (above)
+.
+quit
+****
+#
+#
+#
+server PORT_S
+<SCAN FILE
+*sleep 3
+****
+#
+#
+#
+exim -odi -bs -DOPT="/tmo=2s"
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be deferred due to timeout
+
+.
+quit
+****
+#
+#
+#
+server PORT_S
+<SCAN FILE
+*sleep 3
+****
+#
+#
+#
+exim -odi -bs -DOPT="/tmo=2s/defer_ok"
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be accepted despite timeout
+
+.
+quit
+****
diff --git a/test/stderr/4011 b/test/stderr/4011
new file mode 100644
index 000000000..73c3c0111
--- /dev/null
+++ b/test/stderr/4011
@@ -0,0 +1,2 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
diff --git a/test/stdout/4011 b/test/stdout/4011
new file mode 100644
index 000000000..dd4eddeee
--- /dev/null
+++ b/test/stdout/4011
@@ -0,0 +1,68 @@
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
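Review bot: In test/scripts/4000-scanning/4011 the four scripted scanner sessions cover only a clean reply, an infected reply and two timeouts; no case sends a reply that is neither `<clean>` nor `<infected: …>`, or closes the connection without answering. Both canned replies also begin with the same status `0` (`>0 <clean>` and `>0 <infected: EICAR_Test_File> …`), so these fixtures cannot show whether the numeric field is consulted at all. Since the reply parser is the part of this interface that handles data from another process, I would add a fifth `server PORT_S` block that answers with an unrecognised line, paired with an `exim -odi -bs -DOPT=` session, and pin in the expected logs that the message is deferred rather than accepted. That would presumably be a 451 as in the timeout case, to be confirmed against the implementation, which is not shown because this diff is limited to 'test'.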
+250-myhost.test.ex Hello CALLER at test.ex
+250-SIZE 52428800
+250-8BITMIME
+250-PIPELINING
+250 HELP
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmbA-0005vi-00
+221 myhost.test.ex closing connection
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250-myhost.test.ex Hello CALLER at test.ex
+250-SIZE 52428800
+250-8BITMIME
+250-PIPELINING
+250 HELP
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+550 Administrative prohibition
+221 myhost.test.ex closing connection
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250-myhost.test.ex Hello CALLER at test.ex
+250-SIZE 52428800
+250-8BITMIME
+250-PIPELINING
+250 HELP
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+451 Temporary local problem - please try later
+221 myhost.test.ex closing connection
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250-myhost.test.ex Hello CALLER at test.ex
+250-SIZE 52428800
+250-8BITMIME
+250-PIPELINING
+250 HELP
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmaY-0005vi-00
+221 myhost.test.ex closing connection
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmbA-0005vi-00/10HmbA-0005vi-00.eml
+>0 <clean>
+>*eof
+End of script
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmaZ-0005vi-00/10HmaZ-0005vi-00.eml
+>0 <infected: EICAR_Test_File> DIR/spool/scan/10HmbB-0005vi-00/10HmbB-0005vi-00.eml
+>*eof
+End of script
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmaX-0005vi-00/10HmaX-0005vi-00.eml
+*sleep 3
+End of script
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmaY-0005vi-00/10HmaY-0005vi-00.eml
+*sleep 3
+End of script |