[Qmail-scanner-general]sub-uvscan.pl failing open?
AV/content filter for Qmail
Brought to you by:
jhaar
Menu
▾
▴
[Qmail-scanner-general]sub-uvscan.pl failing open?
|
From: Nick G. <ngi...@mi...> - 2006-01-17 22:34:27
|
We have seen a few errors ("corrupt or unknown MacAfee scanner error or
memory/resource/perms problem") that are generated by this routine. It
looks to me like if MacAfee fails because of a vulnerability or resource
exhaustion this check fails open and allows the message to pass. Is
this the case and is it the desired behavior?
Nick
sub uvscan_scanner {
#MacAfee scanner
&debug("uvscan: starting scan of directory \"$ENV{'TMPDIR'}\"...");
my ($start_uvscan_time)=[gettimeofday];
my
($DD,$uvscan_status,$euvscan_status,$stop_uvscan_time,$uvscan_time,$uvscan_verbose);
$uvscan_verbose="-v" if ($DEBUG);
&debug("run $uvscan_binary $uvscan_verbose -r --secure --fam --unzip
--macro-heuristics $ENV{'TMPDIR'} 2>&1");
$DD=`$uvscan_binary $uvscan_verbose -r --secure --fam --unzip
--macro-heuristics $ENV{'TMPDIR'} 2>&1`;
$uvscan_status=$?;
$euvscan_status=($uvscan_status >> 8);
&debug("--output of uvscan was:\n$DD--");
if ( $euvscan_status > 0 ) {
if ($DD =~ /^\s+Found(.*)$/m) {
$quarantine_description=$1;
&debug("There be a virus! ($quarantine_description)");
($quarantine_event=$quarantine_description)=~s/\s/_/g;
$quarantine_event="UVSCAN:".substr($quarantine_event,0,$QE_LEN);
$description .= "\n---uvscan results ---\n$DD";
# print "virus \"$virus\"\n";
} else {
#This implies a corrupt set of DAT files or resource problems...
&error_condition("corrupt or unknown MacAfee scanner error or
memory/resource/perms problem - exit status
$uvscan_status/$euvscan_status");
}
} elsif ($uvscan_status > 0) {
#This implies a corrupt set of DAT files or resource problems...
&error_condition("corrupt or unknown MacAfee scanner error or
memory/resource/perms problem - exit status
$uvscan_status/$euvscan_status");
}
$stop_uvscan_time=[gettimeofday];
$uvscan_time = tv_interval ($start_uvscan_time, $stop_uvscan_time);
&debug("uvscan: finished scan of dir \"$ENV{'TMPDIR'}\" in
$uvscan_time secs");
}
|