Bug#786392: exim4-daemon-heavy: av_scanner + cmdline: wrong return code detected

Thu May 21 09:34:29 UTC 2015

tags #786392 upstream wontfix
thanks

[Not sure whether this is an actual bug, and if it is, it's upstream,
the fix would change exim's behavior in Debian quite strongly]

Hi,

On Thu, May 21, 2015 at 11:02:11AM +0200, Martin Schirrmacher wrote:
> I use following line in my exim config for av_scanner
>     av_scanner = cmdline: /usr/bin/bdscan_exim_wrapper %s: infected: (.+)
> The wrapper is a simple bash script. If I exit the script with "exit 0"
> all is fine. If I exit the script with "exit 1", I'll get the following
> line in /var/log/exim4/mainlog:
>     "malware acl condition: cmdline: scanner returned error code: 256"
> If I exit the script with "exit 2", I'll get these line in log:
>     "malware acl condition: cmdline: scanner returned error code: 512"

This is the expected behavior of the wait system call. If we applied
your change, we would mask out other error possibilities.

The av_scanner configuration item uses a regular expression to find
out about infection anyway, so I guess that it just expects the error
code to be always zero or it is a reportable error issue. spec.txt
isn't very explicit about this.

> I think the bug is in src/malware.c 
>     sep = pclose(scanner_out);
> This should be:
>     sep = WEXITSTATUS(pclose(scanner_out));
> 
> This is a patch for 4.85
> --- src/malware.c       2015-05-21 10:52:43.676273516 +0200
> +++ src/malware.c       2015-05-21 10:53:00.868563036 +0200
> @@ -951,7 +951,7 @@
>         }
> 
>         (void)fclose(scanner_record);
> -       sep = pclose(scanner_out);
> +       sep = WEXITSTATUS(pclose(scanner_out));
>         signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe);
>         if (sep != 0)
>             return m_errlog_defer(scanent,

I don't think we are going to locally apply a change this disruptive
locally in Debian. Please take this issue upstream. exim.org has a
bugzilla installation.

Should they actually make changes, we'll happily apply this to Debian
and of course take the upstream patch with one of the next upstream
versions.

I am tagging this bug wontfix in the mean time.

> I don't know how to attach this as a file?!?

You can just do this with your mail client. If you have used
reportbug, it asks you whether to attach a file after you have exited
the editor.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421