I am using qmail-scanner 1.20 on Linux Debian, kernel 2.4.20, with
McAfee uvscan, and I experienced a condition where viruses are not
blocked.
I notice that the uvscan_scanner code can be paraphrased as:
$DD=`$uvscan_binary (...omitted...) 2>&1`;
$uvscan_status=($? >> 8);
&debug("--output of uvscan was:\n$DD--");
if ( $uvscan_status > 0 ) {
# problems
}
# exit with no problems
The problem here is that the backquote that fills DD has the same
return values as the "system" functions, that "man perlfunc" says
should be checked as:
-------------CUT
You can check all the failure possibilities by
inspecting $? like this:
$exit_value = $? >> 8;
$signal_num = $? & 127;
$dumped_core = $? & 128;
or more portably by using the W*() calls of the
POSIX extension; see perlport for more informa-
tion.
When the arguments get executed via the system
shell, results and return codes will be subject to
its quirks and capabilities. See "`STRING`" in
perlop and "exec" for details.
-------------CUT
What happened to me was that the Debian qmail package is imposing an
ulimit -v of 8192 to the processes spawned from the SMTP connection,
and while this used to be fine, after the upgrade of the uvscan
engine it was reaching that limit. It did not throw an error during
loading of shared libraries, it just could not be exec'ed at all.
When this happens, the backquote returns 127 (I don't know why),
which is masked out with the >>8 operation. So qmail-scanner thought
that everything was OK but uvscan was never executed, and VIRUSES
ACTUALLY PASSED THRU! (I got *hundreds* of netsky delivered to users
for this...).
My proposal is to replace:
$uvscan_status=($? >> 8);
with
$uvscan_status=$?;
so that this case would be trated as an error condition and
block mail delivery.
Regards,
Michele Bergonzoni
-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
