#786392 exim4-daemon-heavy: av_scanner + cmdline: wrong return code detected

Package: exim4-daemon-heavy
Source: exim4
Description: Exim MTA (v4) daemon with extended features, including exiscan-acl
Submitter: Martin Schirrmacher
Date: 2015-05-21 10:15:10 UTC
Severity: minor

#786392#5
Date: 2015-05-21 09:02:11 UTC
Dear Maintainer,

I use the following line in my exim config for av_scanner:
    av_scanner = cmdline: /usr/bin/bdscan_exim_wrapper %s: infected: (.+)
The wrapper is a simple bash script. If I exit the script with "exit 0"
all is fine. If I exit the script with "exit 1", I'll get the following
line in /var/log/exim4/mainlog:
    "malware acl condition: cmdline: scanner returned error code: 256"
If I exit the script with "exit 2", I'll get this line in the log:
    "malware acl condition: cmdline: scanner returned error code: 512"

I think the bug is in src/malware.c
    sep = pclose(scanner_out);
This should be:
    sep = WEXITSTATUS(pclose(scanner_out));

This is a patch for 4.85
--- src/malware.c       2015-05-21 10:52:43.676273516 +0200
+++ src/malware.c       2015-05-21 10:53:00.868563036 +0200
@@ -951,7 +951,7 @@
        }

        (void)fclose(scanner_record);
-       sep = pclose(scanner_out);
+       sep = WEXITSTATUS(pclose(scanner_out));
        signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe);
        if (sep != 0)
            return m_errlog_defer(scanent,
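Review bot: on the changed line `sep = WEXITSTATUS(pclose(scanner_out));` the exit status is extracted without first checking that the scanner exited normally. If the scanner process is killed by a signal, the low byte of the status holds the signal number and WEXITSTATUS() of that value is 0 on Linux, so the `if (sep != 0)` test that follows would no longer defer and a crashed scan would be handled like a successful one. Suggest keeping the raw pclose() result in an int, deferring when it is -1 or when WIFEXITED() is false, and only then reading WEXITSTATUS() for the log message.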

I don't know how to attach this as a file?!?

I apologize if I have provided false or erroneous information; this is my
first bug report.


Regards
Martin Schirrmacher

#786392#12
Date: 2015-05-21 09:34:29 UTC
tags #786392 upstream wontfix
thanks

[Not sure whether this is an actual bug, and if it is, it's upstream,
the fix would change exim's behavior in Debian quite strongly]

Hi,

This is the expected behavior of the wait system call. If we applied
your change, we would mask out other error possibilities.

The av_scanner configuration item uses a regular expression to find
out about infection anyway, so I guess that it just expects the error
code to be always zero or it is a reportable error issue. spec.txt
isn't very explicit about this.

I don't think we are going to apply a change this disruptive
locally in Debian. Please take this issue upstream. exim.org has a
bugzilla installation.

Should they actually make changes, we'll happily apply this to Debian
and of course take the upstream patch with one of the next upstream
versions.

I am tagging this bug wontfix in the meantime.

You can just do this with your mail client. If you have used
reportbug, it asks you whether to attach a file after you have exited
the editor.

Greetings
Marc
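
The status handling discussed in this thread, as an added example that is not part of the original report or of exim's source: it decodes the raw pclose() value (the 256 and 512 seen in the log) into an exit code while keeping the signal and failure cases distinct. The names `decode_status`, `run_scanner` and `struct scan_result` are hypothetical, and the shell commands are constructed stand-ins for the wrapper script.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/wait.h>

/* Outcome of one scanner run, decoded from the raw pclose() status. */
enum scan_kind { SCAN_EXITED, SCAN_SIGNALED, SCAN_FAILED };

/* raw: value returned by pclose(); code: exit code or signal number. */
struct scan_result { enum scan_kind kind; int raw; int code; };

/* Decode a wait status without losing the "killed by signal" case. */
struct scan_result decode_status(int raw)
{
    struct scan_result r = { SCAN_FAILED, raw, -1 };
    if (raw == -1)
        return r;                       /* pclose() itself failed */
    if (WIFEXITED(raw)) {
        r.kind = SCAN_EXITED;
        r.code = WEXITSTATUS(raw);      /* 256 -> 1, 512 -> 2 on Linux */
    } else if (WIFSIGNALED(raw)) {
        r.kind = SCAN_SIGNALED;
        r.code = WTERMSIG(raw);
    }
    return r;
}

/* Run a command through popen(), drain its output, decode its status. */
struct scan_result run_scanner(const char *cmd)
{
    char buf[256];
    FILE *out = popen(cmd, "r");
    if (out == NULL)
        return decode_status(-1);
    while (fgets(buf, sizeof buf, out) != NULL)
        ;   /* the av_scanner regex would be matched against this output */
    return decode_status(pclose(out));
}

int main(void)
{
    /* Constructed stand-ins for the wrapper script from the report. */
    const char *cmds[] = { "exit 0", "exit 1", "exit 2", "kill -9 $$" };
    for (int i = 0; i < 4; i++) {
        struct scan_result r = run_scanner(cmds[i]);
        printf("%-12s raw=%d kind=%d code=%d\n", cmds[i], r.raw, r.kind, r.code);
    }
    return 0;
}
```

A caller that treats only `SCAN_EXITED` with code 0 as a completed scan keeps the defer-on-error behaviour for signals and pclose() failures.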