[Qmail-scanner-general]sub-uvscan.pl failing open?
AV/content filter for Qmail
Brought to you by:
jhaar
From: Nick G. <ngi...@mi...> - 2006-01-17 22:34:27
|
We have seen a few errors ("corrupt or unknown MacAfee scanner error or memory/resource/perms problem") that are generated by this routine. It looks to me like if MacAfee fails because of a vulnerability or resource exhaustion this check fails open and allows the message to pass. Is this the case and is it the desired behavior? Nick sub uvscan_scanner { #MacAfee scanner &debug("uvscan: starting scan of directory \"$ENV{'TMPDIR'}\"..."); my ($start_uvscan_time)=[gettimeofday]; my ($DD,$uvscan_status,$euvscan_status,$stop_uvscan_time,$uvscan_time,$uvscan_verbose); $uvscan_verbose="-v" if ($DEBUG); &debug("run $uvscan_binary $uvscan_verbose -r --secure --fam --unzip --macro-heuristics $ENV{'TMPDIR'} 2>&1"); $DD=`$uvscan_binary $uvscan_verbose -r --secure --fam --unzip --macro-heuristics $ENV{'TMPDIR'} 2>&1`; $uvscan_status=$?; $euvscan_status=($uvscan_status >> 8); &debug("--output of uvscan was:\n$DD--"); if ( $euvscan_status > 0 ) { if ($DD =~ /^\s+Found(.*)$/m) { $quarantine_description=$1; &debug("There be a virus! ($quarantine_description)"); ($quarantine_event=$quarantine_description)=~s/\s/_/g; $quarantine_event="UVSCAN:".substr($quarantine_event,0,$QE_LEN); $description .= "\n---uvscan results ---\n$DD"; # print "virus \"$virus\"\n"; } else { #This implies a corrupt set of DAT files or resource problems... &error_condition("corrupt or unknown MacAfee scanner error or memory/resource/perms problem - exit status $uvscan_status/$euvscan_status"); } } elsif ($uvscan_status > 0) { #This implies a corrupt set of DAT files or resource problems... &error_condition("corrupt or unknown MacAfee scanner error or memory/resource/perms problem - exit status $uvscan_status/$euvscan_status"); } $stop_uvscan_time=[gettimeofday]; $uvscan_time = tv_interval ($start_uvscan_time, $stop_uvscan_time); &debug("uvscan: finished scan of dir \"$ENV{'TMPDIR'}\" in $uvscan_time secs"); } |