From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 31 Dec 2017 17:40:55 +0000 (+0000)
Subject: Fix conversation closedown with the Avast malware scanner.  Bug 2113
X-Git-Tag: exim-4_91_RC1~69
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/83d2a8615f6fede0c99dda5cb83dd510d7ad0269

Fix conversation closedown with the Avast malware scanner.  Bug 2113
---

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 8112d4b07..b99b8187b 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -89,6 +89,11 @@ PP/01 Fix broken Heimdal GSSAPI authenticator integration.
       Broken in f2ed27cf5, missing an equals sign for specified-initialisers.
       Broken also in d185889f4, with init system revamp.
 
+JH/17 Bug 2113: Fix conversation closedown with the Avast malware scanner.
+      Previously we abruptly closed the connection after reading a malware-
+      found indication; now we go on to read the "scan ok" response line,
+      and send a quit.
+
 
 Exim version 4.90
 -----------------
diff --git a/src/src/malware.c b/src/src/malware.c
index c18cd95be..e74ba9830 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -1968,15 +1968,17 @@ b_seek:   err = errno;
 		    0, 0, ovector, nelem(ovector)) > 0)
 		break;
 
-	      if ((malware_name = m_pcre_exec(ava_re_virus, buf)))
+	      if (  !malware_name
+	         && (malware_name = m_pcre_exec(ava_re_virus, buf)))
 		{ /* remove backslash in front of [whitespace|backslash] */
 		uschar * p, * p0;
 		for (p = malware_name; *p; ++p)
 		  if (*p == '\\' && (isspace(p[1]) || p[1] == '\\'))
 		    for (p0 = p; *p0; ++p0) *p0 = p0[1];
 
-		avast_stage = AVA_DONE;
-		goto endloop;
+		DEBUG(D_acl)
+		  debug_printf_indent("unescaped m-name: '%s'\n", malware_name);
+		break;
 		}
 
 	      if (Ustrncmp(buf, "200 SCAN OK", 11) == 0)
@@ -1987,15 +1989,14 @@ b_seek:   err = errno;
 			      "unable to send quit request to socket (%s): %s",
 			      scanner_options, strerror(errno)),
 			      sock);
-		malware_name = NULL;
+
 		avast_stage = AVA_DONE;
-		goto endloop;
 		}
 
-	      /* here for any unexpected response from the scanner */
+	      /* here also for any unexpected response from the scanner */
 	      goto endloop;
 
-	    case AVA_DONE:	log_write(0, LOG_PANIC, "%s:%d:%s: should not happen",
+	    default:	log_write(0, LOG_PANIC, "%s:%d:%s: should not happen",
 			    __FILE__, __LINE__, __FUNCTION__);
 	    }
 	  }
diff --git a/test/scripts/4007_scan_avast/4007 b/test/scripts/4007_scan_avast/4007
index a58188c95..0611f2a96 100644
--- a/test/scripts/4007_scan_avast/4007
+++ b/test/scripts/4007_scan_avast/4007
@@ -10,7 +10,7 @@ server DIR/eximdir/avast_sock
 >LF>blah	[+]
 >LF>200 SCAN OK
 <QUIT
-<*eof
+*eof
 ****
 #
 #
@@ -36,7 +36,7 @@ server DIR/eximdir/avast_sock
 >LF>blah	[E]
 >LF>200 SCAN OK
 <QUIT
-<*eof
+*eof
 ****
 #
 #
@@ -62,7 +62,7 @@ server DIR/eximdir/avast_sock
 >LF>b\\ l\\ a\\ h	[L]9.9	9 VNAME
 >LF>200 SCAN OK
 <QUIT
-<*eof
+*eof
 ****
 #
 #
diff --git a/test/stdout/4007 b/test/stdout/4007
index 19e0f305b..603de1521 100644
--- a/test/stdout/4007
+++ b/test/stdout/4007
@@ -66,7 +66,7 @@ Connection request
 >LF>blah\x09[+]
 >LF>200 SCAN OK
 <QUIT
-Unexpected EOF read from client
+Expected EOF read from client
 End of script
 Listening on TESTSUITE/eximdir/avast_sock ... 
 Connection request
@@ -83,7 +83,9 @@ Connection request
 >LF>210 SCAN DATA
 >LF>b\\ l\\ a\\ h\x09[L]9.9\x099 VNAME
 >LF>200 SCAN OK
-Unexpected EOF read from client
+<QUIT
+Expected EOF read from client
+End of script
 Listening on TESTSUITE/eximdir/avast_sock ... 
 Connection request
 *sleep 3