>
> 0 as result code should be only used, when everything is ok - no
> error or viruses. Otherwise, from the source of clamdscan it seems,
> that it has 3 result codes, but I might have missed something:
> 0 - everything is ok
> 1 - virus found
> 2 - error
Be careful, this may violate the principal of "fail safe" if not
implemented properly. This is an example which came across bugtraq for
return values of 0 for successful authentication. (it's pseudo-c code)
html_post(base64("user", "pass"), html_ret_buf, sizeof(html_ret_buf))
if (!atoi(html_ret_buf))
// wheee! We're authenticated
else
// invalid user
If html_ret_buf is garbage like "error 404 not found" you get
authenticated 'cause atoi("foobar") == 0.
Just be careful if you want to use 0 for a-ok and /always/ fail-safe.
--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
