Tue Nov  9 22:03:30 EST 2004

Hello,

I am looking for some assistance in tracking down a failure of clamd
after an upgrade to ClamAV 0.80/582/. Interactively, clamscan and clamd
appear to function normally and correctly but when called from MIMEDefang-filter
(mimedefang.pl), clamd returns an error code (72) that I have been unable to
find in the sources or in the clamscan manual page. I agree that this may be a
local configuration problem or a mimedefang problem but any assistance with the
"72" return error code would be of great help. The error codes listed in the
clamscan manual page end at 71.

Installation ran correctly as expected prior to the upgrade.

[Prerequisite information]:

OS build: 
        FreeBSD  4.10-STABLE FreeBSD 4.10-STABLE #1: Sun Oct 10 10:55:19 EDT 2004

ClamAV version:
        ClamAV 0.80/582/Tue Nov  9 18:54:06 2004
        Installed via ports

Called via:
        MIMEDefang 2.42

via local UNIX socket:  
        LocalSocket /var/run/clamav/clamd  

My test file is a message which is known to contain the average variant
of the Somefool virus.

I have prepended the lines of specific context of the problem 
with "+" in the code snippets below.


Problem:
        Clamd returns error code value "72" when called from mimedefang.pl: 
        message_contains_virus().

        I extracted a code snippet from where I believe the point of 
        failure is (from mimedefang.pl) and, when running as root, 
        the snippet, when run interactively, returns the expected result:

--------------------------------------------------------------
#!/usr/local/bin/perl -w

use IO;
&message_contains_virus_clamd();

sub message_contains_virus_clamd (;$) {
    my ($clamd_sock) = "/var/run/clamav/clamd";
    $clamd_sock = shift if (@_ > 0);
    $clamd_sock = "/var/spool/MIMEDefang/clamd.sock" if (!defined($clamd_sock));
    my ($output,$sock);

    # PING/PONG test to make sure clamd is alive
    $sock = IO::Socket::UNIX->new(Peer => $clamd_sock);
    if (defined $sock) {

+       #
+       # hard coded my test virus into the snippet.
+       #
+       $sock->print("SCAN /usr/home/sandbox/virus.test");

        $sock->flush;
        $sock->sysread($output,256);
        print ("$output\n");

+       # Result: 
+       # /usr/home/sandbox/virus.test: Worm.SomeFool.P FOUND

        $sock->close;
        }
}
---------------------------------------------------------------

#
# OK. Now the same mail message is sent via the mail server through mimedefang.pl.
#

---------------------------------------------------------------

sub message_contains_virus_clamd (;$) {
    my ($clamd_sock) = $ClamdSock;
    $clamd_sock = shift if (@_ > 0);
    $clamd_sock = "/var/spool/MIMEDefang/clamd.sock" if (!defined($clamd_sock));
    my ($output,$sock);

    # PING/PONG test to make sure clamd is alive
    $sock = IO::Socket::UNIX->new(Peer => $clamd_sock);
    if (defined $sock) {
        $sock->print("PING");
        $sock->flush;
        $sock->sysread($output,256);
        $sock->close;
        chomp($output);

+       #
+       # Debug logging added.
+       #
+         md_syslog('warning', "$MsgID: $output");

+       #
+       # Expected response, PONG prints in mail server log.
+       #
+   # Nov  9 22:37:54 mailserver mimedefang.pl[9249]: iAA3bnhW010313: PONG

        if (! defined($output) || $output ne "PONG") {
          md_syslog('err', "$MsgID: clamd is not responding");
          return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
        }
    }
    else {
        md_syslog('err', "$MsgID: Could not connect to clamd daemon at $clamd_sock");
        return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
    }

    # open up a socket and scan each file in ./Work
    $sock = IO::Socket::UNIX->new(Peer => $clamd_sock);
    if (defined $sock) {
        if (!$sock->print("SCAN $CWD/Work\n")) {
            $sock->close;
            return (wantarray ? (999, 'swerr', 'tempfail') : 999);
        }
        if (!$sock->flush) {
            $sock->close;
            return (wantarray ? (999, 'swerr', 'tempfail') : 999);
        }
        my $ans;
        $ans = $sock->sysread($output,256);

+       #
+       # More debug logging added.
+       #

+         md_syslog('warning', "$MsgID: answer is $ans");

+       #
+       # It is HERE that the log returns:
+       #
+       # Nov  9 22:37:54 mailserver mimedefang.pl[9249]: iAA3bnhW010313: answer is 72
+   # The virus is apparently undetected.
+   #


        $sock->close;
        if (!defined($ans) || !$ans) {
            return (wantarray ? (999, 'swerr', 'tempfail') : 999);
        }
        if ($output =~ /: (.+) FOUND/) {
            $VirusScannerMessages .= "clamd found the $1 virus.\n";
            $VirusName = $1;
            return (wantarray ? (1, 'virus', 'quarantine') : 1);
        }
    }
    else {
        # Could not connect to daemon
        md_syslog('err', "$MsgID: Could not connect to clamd daemon at $clamd_sock");
        return (wantarray ? (999, 'cannot-execute', 'tempfail') : 999);
    }
    # No errors, no infected files were found
    return (wantarray ? (0, 'ok', 'ok') : 0);
}

-----------------------------------------------------------------------------

Thanks

Guy Boyd
VTA Technologies
Atlanta, Georgia USA



_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
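
An added example, not part of the original post and not MIMEDefang's code: Perl's sysread returns the number of bytes read, so the value to inspect is the reply text in the buffer, and a reply that is neither FOUND nor OK is treated as a failure rather than as clean. The socketpair stand-in for clamd, the sample replies and the helper names read_reply and classify_reply are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original post). All replies below are constructed.
use strict;
use warnings;
use Socket;

# Read the whole clamd reply. sysread returns a byte COUNT, not a status code.
sub read_reply {
    my ($sock) = @_;
    my ($reply, $total) = ('', 0);
    while (1) {
        my $n = sysread($sock, my $buf, 256);
        return (undef, $total) unless defined $n;   # read error
        last if $n == 0;                            # EOF: peer closed the socket
        $reply .= $buf;
        $total += $n;
    }
    return ($reply, $total);
}

# Map reply text to a MIMEDefang-style triple; anything unrecognised fails closed.
sub classify_reply {
    my ($reply) = @_;
    return (999, 'swerr', 'tempfail') unless defined $reply && length $reply;
    return (1, 'virus', 'quarantine', $1) if $reply =~ /: (.+) FOUND\s*$/m;
    return (999, 'swerr', 'tempfail')     if $reply =~ / ERROR\s*$/m;
    return (0, 'ok', 'ok')                if $reply =~ /: OK\s*$/m;
    return (999, 'swerr', 'tempfail');
}

# Stand-in for clamd: a socketpair whose far end writes one constructed reply.
for my $canned ("/tmp/Work/msg: Worm.SomeFool.P FOUND\n",
                "/tmp/Work: OK\n",
                "/tmp/Work: constructed failure text ERROR\n") {
    socketpair(my $client, my $server, AF_UNIX, SOCK_STREAM, PF_UNSPEC)
        or die "socketpair: $!";
    syswrite($server, $canned);
    close $server;
    my ($reply, $bytes) = read_reply($client);
    my @verdict = classify_reply($reply);
    chomp(my $shown = $reply);
    print "bytes=$bytes reply=[$shown] verdict=@verdict[0..2]\n";
    close $client;
}
```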