Clarify that the ACL framework is not invoked for -bmalware, so that using

ACL variables in av_scanner blindly will not work.

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 14c1bf8d8c592b5f3d5b1f3ddad9060e700cf5e1..1ec4181016236d5e7b7ce5a88bac7e3814cda9bd 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.87 2010/06/12 15:21:25 jetmore Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.88 2010/06/14 18:51:09 pdp Exp $
 .
 . /////////////////////////////////////////////////////////////////////////////
 . This is the primary source of the Exim Manual. It is an xfpt document that is
@@ -3184,12 +3184,15 @@ the listening daemon.
 .cindex "testing", "malware"
 .cindex "malware scan test"
 This debugging option causes Exim to scan the given file,
-using the malware scanning framework.  The option of av_scanner influences
-this option, so if av_scanner's value is dependent upon an expansion then
-the expansion should have defaults which apply to this invocation.  Exim will
-have changed working directory before resolving the filename, so using fully
-qualified pathnames is advisable.  Exim will be running as the Exim user
-when it tries to open the file, rather than as the invoking user.
+using the malware scanning framework.  The option of &%av_scanner%& influences
+this option, so if &%av_scanner%&'s value is dependent upon an expansion then
+the expansion should have defaults which apply to this invocation.  ACLs are
+not invoked, so if &%av_scanner%& references an ACL variable then that variable
+will never be populated and &%-bmalware%& will fail.
+
+Exim will have changed working directory before resolving the filename, so
+using fully qualified pathnames is advisable.  Exim will be running as the Exim
+user when it tries to open the file, rather than as the invoking user.
 This option requires admin privileges.
 
 The &%-bmalware%& option will not be extended to be more generally useful,

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index dbf7e86001e4c330c63983f9b2bad61d7b2be734..a3e3362a433bcb74ed8f13ace5bc1cd6b7c13f83 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.175 2010/06/12 15:21:25 jetmore Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.176 2010/06/14 18:51:10 pdp Exp $
 
 New Features in Exim
 --------------------
@@ -42,6 +42,8 @@ Version 4.73
     takes one parameter, a filename, and scans that file with Exim's
     malware-scanning framework.  This is intended purely as a debugging aid
     to ensure that Exim's scanning is working, not to replace other tools.
+    Note that the ACL framework is not invoked, so if av_scanner references
+    ACL variables without a fallback then this will fail.
 
  5. There is a new expansion operator, "reverse_ip", which will reverse IP
     addresses; IPv4 into dotted quad, IPv6 into dotted nibble.  Examples: