From 71bb51e08dc03f768d19f237fed415bc74246de3 Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)"
Date: Sat, 10 Mar 2018 04:30:56 +0100
Subject: Update to protocol used by avast 2.2.0 (Multiline responses) (Bug 2112)
Based on a patch by Victor Ustugov.
---
 test/confs/4017 | 1 +
 test/log/4017 | 7 ++
 test/paniclog/4017 | 1 +
 test/rejectlog/4017 | 24 +++++++
 test/scripts/4017_scan_avast_multiline/4017 | 86 +++++++++++++++++++++++++
 test/scripts/4017_scan_avast_multiline/REQUIRES | 2 +
 test/stderr/4017 | 7 ++
 test/stdout/4017 | 76 ++++++++++++++++++++++
 8 files changed, 204 insertions(+)
 create mode 120000 test/confs/4017
 create mode 100644 test/log/4017
 create mode 100644 test/paniclog/4017
 create mode 100644 test/rejectlog/4017
 create mode 100644 test/scripts/4017_scan_avast_multiline/4017
 create mode 100644 test/scripts/4017_scan_avast_multiline/REQUIRES
 create mode 100644 test/stderr/4017
 create mode 100644 test/stdout/4017
(limited to 'test')
diff --git a/test/confs/4017 b/test/confs/4017
new file mode 120000
index 000000000..cf237193b
--- /dev/null
+++ b/test/confs/4017
@@ -0,0 +1 @@
+4007
\ No newline at end of file
diff --git a/test/log/4017 b/test/log/4017
new file mode 100644
index 000000000..cd53a5c39
--- /dev/null
+++ b/test/log/4017
@@ -0,0 +1,7 @@
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss T="message should be accepted"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: R=r
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: avast TESTSUITE/eximdir/avast_sock : invalid response from scanner: '/bin/error [E]0.0'
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F= temporarily rejected after DATA
+1999-03-02 09:44:33 10HmaY-0005vi-00 malware_name This ist not even an EICAR test virus.
+1999-03-02 09:44:33 10HmaY-0005vi-00 U=CALLER F= rejected after DATA
diff --git a/test/paniclog/4017 b/test/paniclog/4017
new file mode 100644
index 000000000..b6fcc0527
--- /dev/null
+++ b/test/paniclog/4017
@@ -0,0 +1 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: avast TESTSUITE/eximdir/avast_sock : invalid response from scanner: '/bin/error [E]0.0'
diff --git a/test/rejectlog/4017 b/test/rejectlog/4017
new file mode 100644
index 000000000..f14a316b7
--- /dev/null
+++ b/test/rejectlog/4017
@@ -0,0 +1,24 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F= temporarily rejected after DATA
+Envelope-from:
+Envelope-to:
+P Received: from CALLER (helo=test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from )
+ id 10HmaX-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
+ Subject: defer this one, the scanner had an error
+I Message-Id:
+F From: CALLER_NAME
+1999-03-02 09:44:33 10HmaY-0005vi-00 U=CALLER F= rejected after DATA
+Envelope-from:
+Envelope-to:
+P Received: from CALLER (helo=test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from )
+ id 10HmaY-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
+ Subject: message should be rejected
+I Message-Id:
+F From: CALLER_NAME
diff --git a/test/scripts/4017_scan_avast_multiline/4017 b/test/scripts/4017_scan_avast_multiline/4017
new file mode 100644
index 000000000..d075825b8
--- /dev/null
+++ b/test/scripts/4017_scan_avast_multiline/4017
@@ -0,0 +1,86 @@ +# content scan interface: avast +### clean | multiline response +server DIR/eximdir/avast_sock +>LF>220 ready +LF>210 FLAGS DATA +>LF>FLAGS -fullfiles +>LF>FLAGS +extra +>LF>200 FLAGS OK +LF>210 SCAN DATA +>LF>/bin/clean1 [+] +>LF>/bin/clean2 [+] +>LF>200 SCAN OK + +rcpt to: +data +Date: Fri, 17 Dec 2004 14:35:01 +0100 +Subject: message should be accepted + +. +quit +**** +# +# +### clean and error | multiline response +server DIR/eximdir/avast_sock +>LF>220 ready +LF>210 SCAN DATA +>LF>/bin/ok [+] +>LF>/bin/error [E]0.0 +>LF>/bin/infected [L]0.0 0 This is not even EICAR! +>LF>200 SCAN OK + +rcpt to: +data +Date: Fri, 17 Dec 2004 14:35:01 +0100 +Subject: defer this one, the scanner had an error + +. +quit +**** +# +# +# clean and infected | multiline response +server DIR/eximdir/avast_sock +>LF>220 ready +LF>210 SCAN DATA +>LF>/bin/clean [+] +>LF>v\\ i\\ a\\ r\\ u\\ s [L]9.9 9 This ist not even an EICAR test virus. +>LF>200 SCAN OK + +rcpt to: +data +Date: Fri, 17 Dec 2004 14:35:01 +0100 +Subject: message should be rejected + +. +quit +**** diff --git a/test/scripts/4017_scan_avast_multiline/REQUIRES b/test/scripts/4017_scan_avast_multiline/REQUIRES new file mode 100644 index 000000000..d5a69793c --- /dev/null +++ b/test/scripts/4017_scan_avast_multiline/REQUIRES @@ -0,0 +1,2 @@ +support Content_Scanning +malware avast diff --git a/test/stderr/4017 b/test/stderr/4017 new file mode 100644 index 000000000..22157c3d1 --- /dev/null +++ b/test/stderr/4017 @@ -0,0 +1,7 @@ +### clean | multiline response +### clean and error | multiline response +1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: avast TESTSUITE/eximdir/avast_sock : invalid response from scanner: '/bin/error [E]0.0' + +******** SERVER ******** +### clean | multiline response +### clean and error | multiline response diff --git a/test/stdout/4017 b/test/stdout/4017 new file mode 100644 index 000000000..e46e8f3fd --- /dev/null +++ b/test/stdout/4017 
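Review bot: The "clean and error" scenario in test/scripts/4017_scan_avast_multiline/4017 pins only one ordering of a mixed scanner reply, with the `[E]` line arriving before the `[L]` line, so the test does not say what must happen when a detection is reported first and an error follows. Since the expected result here is a 451 defer rather than a 550 reject, a comment such as `# an [E] line makes the whole scan fail: defer, even if a later line reports malware` would record that the error is meant to win, and a sibling case with the `[L]` line first would fix the outcome for the other order. The point is drawn from the visible lines only; the extraction appears to have dropped some script lines from this hunk. As a smaller matter, the third scenario header is written `# clean and infected | multiline response` while the other two use `###`, and the expected stdout and stderr show only two `###` banners, so the last session's output is not labelled.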
@@ -0,0 +1,76 @@ +### clean | multiline response +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaZ-0005vi-00 +221 myhost.test.ex closing connection +### clean and error | multiline response +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +451 Temporary local problem - please try later +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +550 Administrative prohibition +221 myhost.test.ex closing connection + +******** SERVER ******** +### clean | multiline response +Listening on TESTSUITE/eximdir/avast_sock ... +Connection request +>LF>220 ready +LF>210 FLAGS DATA +>LF>FLAGS -fullfiles +>LF>FLAGS +extra +>LF>200 FLAGS OK +LF>210 SCAN DATA +>LF>/bin/clean1\x09[+] +>LF>/bin/clean2\x09[+] +>LF>200 SCAN OK +LF>220 ready +LF>210 SCAN DATA +>LF>/bin/ok\x09[+] +>LF>/bin/error\x09[E]0.0 +>LF>/bin/infected\x09[L]0.0\x090 This is not even EICAR! +>LF>200 SCAN OK +Unexpected EOF read from client +Listening on TESTSUITE/eximdir/avast_sock ... +Connection request +>LF>220 ready +LF>210 SCAN DATA +>LF>/bin/clean\x09[+] +>LF>v\\ i\\ a\\ r\\ u\\ s\x09[L]9.9\x099 This ist not even an EICAR test virus. +>LF>200 SCAN OK +