From 83d2a8615f6fede0c99dda5cb83dd510d7ad0269 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 31 Dec 2017 17:40:55 +0000 Subject: Fix conversation closedown with the Avast malware scanner. Bug 2113 --- doc/doc-txt/ChangeLog | 5 +++++ src/src/malware.c | 15 ++++++++------- test/scripts/4007_scan_avast/4007 | 6 +++--- test/stdout/4007 | 6 ++++-- 4 files changed, 20 insertions(+), 12 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 8112d4b07..b99b8187b 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -89,6 +89,11 @@ PP/01 Fix broken Heimdal GSSAPI authenticator integration. Broken in f2ed27cf5, missing an equals sign for specified-initialisers. Broken also in d185889f4, with init system revamp. +JH/17 Bug 2113: Fix conversation closedown with the Avast malware scanner. + Previously we abruptly closed the connection after reading a malware- + found indication; now we go on to read the "scan ok" response line, + and send a quit. + Exim version 4.90 ----------------- diff --git a/src/src/malware.c b/src/src/malware.c index c18cd95be..e74ba9830 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -1968,15 +1968,17 @@ b_seek: err = errno; 0, 0, ovector, nelem(ovector)) > 0) break; - if ((malware_name = m_pcre_exec(ava_re_virus, buf))) + if ( !malware_name + && (malware_name = m_pcre_exec(ava_re_virus, buf))) { /* remove backslash in front of [whitespace|backslash] */ uschar * p, * p0; for (p = malware_name; *p; ++p) if (*p == '\\' && (isspace(p[1]) || p[1] == '\\')) for (p0 = p; *p0; ++p0) *p0 = p0[1]; - avast_stage = AVA_DONE; - goto endloop; + DEBUG(D_acl) + debug_printf_indent("unescaped m-name: '%s'\n", malware_name); + break; } if (Ustrncmp(buf, "200 SCAN OK", 11) == 0) @@ -1987,15 +1989,14 @@ b_seek: err = errno; "unable to send quit request to socket (%s): %s", scanner_options, strerror(errno)), sock); - malware_name = NULL; + avast_stage = AVA_DONE; - goto endloop; } - /* here for any unexpected response from the scanner */ + /* here also for any unexpected response from the scanner */ goto endloop; - case AVA_DONE: log_write(0, LOG_PANIC, "%s:%d:%s: should not happen", + default: log_write(0, LOG_PANIC, "%s:%d:%s: should not happen", __FILE__, __LINE__, __FUNCTION__); } } diff --git a/test/scripts/4007_scan_avast/4007 b/test/scripts/4007_scan_avast/4007 index a58188c95..0611f2a96 100644 --- a/test/scripts/4007_scan_avast/4007 +++ b/test/scripts/4007_scan_avast/4007 @@ -10,7 +10,7 @@ server DIR/eximdir/avast_sock >LF>blah [+] >LF>200 SCAN OK LF>blah [E] >LF>200 SCAN OK LF>b\\ l\\ a\\ h [L]9.9 9 VNAME >LF>200 SCAN OK LF>blah\x09[+] >LF>200 SCAN OK LF>210 SCAN DATA >LF>b\\ l\\ a\\ h\x09[L]9.9\x099 VNAME >LF>200 SCAN OK -Unexpected EOF read from client +