+
+ case M_AVAST: /* "avast" scanner type ----------------------------------- */
+ {
+ int ovector[1*3];
+ uschar buf[1024];
+ uschar * scanrequest;
+ enum {AVA_HELO, AVA_OPT, AVA_RSP, AVA_DONE} avast_stage;
+ int nread;
+
+ /* According to Martin Tuma @avast the protocol uses "escaped
+ whitespace", that is, every embedded whitespace is backslash
+ escaped, as well as backslash is protected by backslash.
+ The returned lines contain the name of the scanned file, a tab
+ and the [ ] marker.
+ [+] - not infected
+ [L] - infected
+ [E] - some error occured
+ Such marker follows the first non-escaped TAB. */
+ if ( ( !ava_re_clean
+ && !(ava_re_clean = m_pcre_compile(ava_re_clean_str, &errstr)))
+ || ( !ava_re_virus
+ && !(ava_re_virus = m_pcre_compile(ava_re_virus_str, &errstr)))
+ )
+ return malware_errlog_defer(errstr);
+
+ /* wait for result */
+ for (avast_stage = AVA_HELO;
+ (nread = recv_line(sock, buf, sizeof(buf), tmo)) > 0;
+ )
+ {
+ int slen = Ustrlen(buf);
+ if (slen >= 1)
+ {
+ DEBUG(D_acl) debug_printf_indent("got from avast: %s\n", buf);
+ switch (avast_stage)
+ {
+ case AVA_HELO:
+ if (Ustrncmp(buf, "220", 3) != 0)
+ goto endloop; /* require a 220 */
+ goto sendreq;
+
+ case AVA_OPT:
+ if (Ustrncmp(buf, "210", 3) == 0)
+ break; /* ignore 210 responses */
+ if (Ustrncmp(buf, "200", 3) != 0)
+ goto endloop; /* require a 200 */
+
+ sendreq:
+ {
+ int len;
+ /* Check for another option to send. Newline-terminate it. */
+ if ((scanrequest = string_nextinlist(&av_scanner_work, &sep,
+ NULL, 0)))
+ {
+ scanrequest = string_sprintf("%s\n", scanrequest);
+ avast_stage = AVA_OPT; /* just sent option */
+ }
+ else
+ {
+ scanrequest = string_sprintf("SCAN %s\n", eml_dir);
+ avast_stage = AVA_RSP; /* just sent command */
+ }
+
+ /* send config-cmd or scan-request to socket */
+ len = Ustrlen(scanrequest);
+ if (send(sock, scanrequest, len, 0) < 0)
+ {
+ scanrequest[len-1] = '\0';
+ return m_errlog_defer_3(scanent, CUS callout_address, string_sprintf(
+ "unable to send request '%s' to socket (%s): %s",
+ scanrequest, scanner_options, strerror(errno)), sock);
+ }
+ break;
+ }
+
+ case AVA_RSP:
+ if (Ustrncmp(buf, "210", 3) == 0)
+ break; /* ignore the "210 SCAN DATA" message */
+
+ if (pcre_exec(ava_re_clean, NULL, CS buf, slen,
+ 0, 0, ovector, nelements(ovector)) > 0)
+ break;
+
+ if ((malware_name = m_pcre_exec(ava_re_virus, buf)))
+ { /* remove backslash in front of [whitespace|backslash] */
+ uschar * p, * p0;
+ for (p = malware_name; *p; ++p)
+ if (*p == '\\' && (isspace(p[1]) || p[1] == '\\'))
+ for (p0 = p; *p0; ++p0) *p0 = p0[1];
+
+ avast_stage = AVA_DONE;
+ goto endloop;
+ }
+
+ if (Ustrncmp(buf, "200 SCAN OK", 11) == 0)
+ { /* we're done finally */
+ if (send(sock, "QUIT\n", 5, 0) < 0) /* courtesy */
+ return m_errlog_defer_3(scanent, CUS callout_address,
+ string_sprintf(
+ "unable to send quit request to socket (%s): %s",
+ scanner_options, strerror(errno)),
+ sock);
+ malware_name = NULL;
+ avast_stage = AVA_DONE;
+ goto endloop;
+ }
+
+ /* here for any unexpected response from the scanner */
+ goto endloop;
+
+ case AVA_DONE: log_write(0, LOG_PANIC, "%s:%d:%s: should not happen",
+ __FILE__, __LINE__, __FUNCTION__);
+ }
+ }
+ }
+ endloop:
+
+ switch(avast_stage)
+ {
+ case AVA_HELO:
+ case AVA_OPT:
+ case AVA_RSP: return m_errlog_defer_3(scanent, CUS callout_address,
+ nread >= 0
+ ? string_sprintf(
+ "invalid response from scanner: '%s'", buf)
+ : nread == -1
+ ? US"EOF from scanner"
+ : US"timeout from scanner",
+ sock);
+ default: break;
+ }
+ break;