Clarify that the ACL framework is not invoked for -bmalware, so that using

ACL variables in av_scanner blindly will not work.

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 14c1bf8d8c592b5f3d5b1f3ddad9060e700cf5e1..1ec4181016236d5e7b7ce5a88bac7e3814cda9bd 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.87 2010/06/12 15:21:25 jetmore Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.88 2010/06/14 18:51:09 pdp Exp $

 .
 . /////////////////////////////////////////////////////////////////////////////
 . This is the primary source of the Exim Manual. It is an xfpt document that is
 .
 . /////////////////////////////////////////////////////////////////////////////
 . This is the primary source of the Exim Manual. It is an xfpt document that is


@@ -3184,12 +3184,15 @@ the listening daemon.
 .cindex "testing", "malware"
 .cindex "malware scan test"
 This debugging option causes Exim to scan the given file,
 .cindex "testing", "malware"
 .cindex "malware scan test"
 This debugging option causes Exim to scan the given file,

-using the malware scanning framework.  The option of av_scanner influences
-this option, so if av_scanner's value is dependent upon an expansion then
-the expansion should have defaults which apply to this invocation.  Exim will
-have changed working directory before resolving the filename, so using fully
-qualified pathnames is advisable.  Exim will be running as the Exim user
-when it tries to open the file, rather than as the invoking user.
+using the malware scanning framework.  The option of &%av_scanner%& influences
+this option, so if &%av_scanner%&'s value is dependent upon an expansion then
+the expansion should have defaults which apply to this invocation.  ACLs are
+not invoked, so if &%av_scanner%& references an ACL variable then that variable
+will never be populated and &%-bmalware%& will fail.
+
+Exim will have changed working directory before resolving the filename, so
+using fully qualified pathnames is advisable.  Exim will be running as the Exim
+user when it tries to open the file, rather than as the invoking user.

 This option requires admin privileges.
 
 The &%-bmalware%& option will not be extended to be more generally useful,
 This option requires admin privileges.
 
 The &%-bmalware%& option will not be extended to be more generally useful,

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index dbf7e86001e4c330c63983f9b2bad61d7b2be734..a3e3362a433bcb74ed8f13ace5bc1cd6b7c13f83 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.175 2010/06/12 15:21:25 jetmore Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.176 2010/06/14 18:51:10 pdp Exp $

 
 New Features in Exim
 --------------------
 
 New Features in Exim
 --------------------


@@ -42,6 +42,8 @@ Version 4.73
     takes one parameter, a filename, and scans that file with Exim's
     malware-scanning framework.  This is intended purely as a debugging aid
     to ensure that Exim's scanning is working, not to replace other tools.
     takes one parameter, a filename, and scans that file with Exim's
     malware-scanning framework.  This is intended purely as a debugging aid
     to ensure that Exim's scanning is working, not to replace other tools.

+    Note that the ACL framework is not invoked, so if av_scanner references
+    ACL variables without a fallback then this will fail.

 
  5. There is a new expansion operator, "reverse_ip", which will reverse IP
     addresses; IPv4 into dotted quad, IPv6 into dotted nibble.  Examples:
 
  5. There is a new expansion operator, "reverse_ip", which will reverse IP
     addresses; IPv4 into dotted quad, IPv6 into dotted nibble.  Examples: