From eb445b049c9b78cbe187b9cb3c318d65862d4851 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Mon, 2 Apr 2018 17:39:39 +0200 Subject: Avast: implement pass_unscanned option --- test/log/4017 | 12 +++++-- test/rejectlog/4017 | 12 +++++++ test/scripts/4017_scan_avast_multiline/4017 | 54 +++++++++++++++++++++++++++++ test/stdout/4017 | 48 +++++++++++++++++++++++-- 4 files changed, 121 insertions(+), 5 deletions(-) (limited to 'test') diff --git a/test/log/4017 b/test/log/4017 index 480ac5d19..9d07f31bf 100644 --- a/test/log/4017 +++ b/test/log/4017 @@ -1,9 +1,15 @@ -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss T="message should be accepted" -1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=r -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss T="message should be accepted" +1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=r +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: avast TESTSUITE/eximdir/avast_sock : 451 SCAN Engine error 13 Permission denied 1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F= temporarily rejected after DATA 1999-03-02 09:44:33 10HmaY-0005vi-00 malware_name This is not even an EICAR test virus. 1999-03-02 09:44:33 10HmaY-0005vi-00 U=CALLER F= rejected after DATA 1999-03-02 09:44:33 10HmaZ-0005vi-00 malware_name The file is a decompression bomb 1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F= rejected after DATA +1999-03-02 09:44:33 10HmbA-0005vi-00 malware_name The file is a decompression bomb +1999-03-02 09:44:33 10HmbA-0005vi-00 U=CALLER F= rejected after DATA +1999-03-02 09:44:33 10HmbC-0005vi-00 internal scanner error (ignored): /bin/error [E]0.0 Error 42110 The\ file\ is\ a\ decompression\ bomb +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss T="message should be accepted" +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=r +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed diff --git a/test/rejectlog/4017 b/test/rejectlog/4017 index ca3f3888f..670b9057b 100644 --- a/test/rejectlog/4017 +++ b/test/rejectlog/4017 @@ -34,3 +34,15 @@ P Received: from CALLER (helo=test.ex) Subject: message should be rejected I Message-Id: F From: CALLER_NAME +1999-03-02 09:44:33 10HmbA-0005vi-00 U=CALLER F= rejected after DATA +Envelope-from: +Envelope-to: +P Received: from CALLER (helo=test.ex) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmbA-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 + Date: Tue, 2 Mar 1999 09:44:33 +0000 + Subject: message should be rejected +I Message-Id: +F From: CALLER_NAME diff --git a/test/scripts/4017_scan_avast_multiline/4017 b/test/scripts/4017_scan_avast_multiline/4017 index 3e6b06713..3f888ea63 100644 --- a/test/scripts/4017_scan_avast_multiline/4017 +++ b/test/scripts/4017_scan_avast_multiline/4017 @@ -110,3 +110,57 @@ Subject: message should be rejected . quit **** +# +# +# clean, error -> reject +server DIR/eximdir/avast_sock +>LF>220 ready +LF>210 SCAN DATA +>LF>/bin/clean [+] +>LF>/bin/error [E]0.0 Error 42110 The\\ file\\ is\\ a\\ decompression\\ bomb +>LF>200 SCAN OK + +rcpt to: +data +Date: Fri, 17 Dec 2004 14:35:01 +0100 +Subject: message should be rejected + +. +quit +**** +# +# +# clean, error (pass_unscanned) -> accept +server DIR/eximdir/avast_sock +>LF>220 ready +LF>210 SCAN DATA +>LF>/bin/clean [+] +>LF>/bin/error [E]0.0 Error 42110 The\\ file\\ is\\ a\\ decompression\\ bomb +>LF>200 SCAN OK + +rcpt to: +data +Date: Fri, 17 Dec 2004 14:35:01 +0100 +Subject: message should be accepted + +. +quit +**** diff --git a/test/stdout/4017 b/test/stdout/4017 index 388af3dd4..7d731ae90 100644 --- a/test/stdout/4017 +++ b/test/stdout/4017 @@ -8,7 +8,7 @@ 250 OK 250 Accepted 354 Enter message, ending with "." on a line by itself -250 OK id=10HmbA-0005vi-00 +250 OK id=10HmbB-0005vi-00 221 myhost.test.ex closing connection ### scanner tmpfail -> defer 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 @@ -44,6 +44,28 @@ 354 Enter message, ending with "." on a line by itself 550 Administrative prohibition 221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +550 Administrative prohibition +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmbC-0005vi-00 +221 myhost.test.ex closing connection ******** SERVER ******** ### clean | multiline response @@ -55,7 +77,7 @@ Connection request >LF>FLAGS -fullfiles >LF>FLAGS +extra >LF>200 FLAGS OK -LF>210 SCAN DATA >LF>/bin/clean1\x09[+] >LF>/bin/clean2\x09[+] @@ -97,3 +119,25 @@ Connection request LF>220 ready +LF>210 SCAN DATA +>LF>/bin/clean\x09[+] +>LF>/bin/error\x09[E]0.0\x09Error 42110 The\\ file\\ is\\ a\\ decompression\\ bomb +>LF>200 SCAN OK +LF>220 ready +LF>210 SCAN DATA +>LF>/bin/clean\x09[+] +>LF>/bin/error\x09[E]0.0\x09Error 42110 The\\ file\\ is\\ a\\ decompression\\ bomb +>LF>200 SCAN OK +