[Avcheck] Handling of errorcodes from DrWeb

Michael Tokarev mjt@tls.msk.ru
Wed, 06 Feb 2002 14:40:58 +0300 

This is a multi-part message in MIME format.
--------------B0D67DD412D32A4CD41FDB3E
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit

Nicolai Strøm Gylling wrote:
> 
> Hi
> 
> Avcheck seems to handle some of the error-codes from DrWeb incorrectly, ex. 0x00001000 (Error code 4096), DERR_SKIPPED. I'm running Postfix and FreeBSD and have a lot of these in my maillog:
> 
> --
> 
> Feb  6 05:03:36 securemail postfix/pipe[32406]: 909A7535FB: to=<tec@torm.dk>, relay=avcheck, delay=245714, status=deferred (temporary failure. Command output: avcheck: unexpected DrWeb return code 4096 (0x1000) )
> Feb  6 06:10:17 securemail postfix/pipe[33030]: 909A7535FB: to=<tec@torm.dk>, relay=avcheck, delay=249715, status=deferred (temporary failure. Command output: avcheck: unexpected DrWeb return code 4096 (0x1000) )
> 
> --
> 
> A fast solution will be much appreciated :)

Please apply the attached patch to avcheck.c (version 0.7).  I'll produce
0.8 version shortly.  It's interesting -- I never saw this error before,
even with password-protected archives.  I just tested this and yes, drweb
now sets this bit -- it seems this was changed since some older version(s).

Regards,
 Michael.
--------------B0D67DD412D32A4CD41FDB3E
Content-Type: text/plain; charset=koi8-r;
 name="avcheck-skipped.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="avcheck-skipped.patch"

--- avcheck.c.orig	Thu Jan  3 00:18:59 2002
+++ avcheck.c	Wed Feb  6 14:37:38 2002
@@ -492,6 +492,7 @@
 #define DERR_KNOWN_VIRUS	0x00020
 #define DERR_UNKNOWN_VIRUS	0x00040
 #define DERR_VIRUS_MODIFICATION	0x00080
+#define DERR_SKIPPED		0x01000
 #define DERR_EVAL_VERSION	0x10000
 
 #define DERR_VIRUS \
@@ -528,6 +529,8 @@
                                 archives.  Without this line, all mails with
                                 attached archive(s) will be deffered if DrWeb
                                 runs in evaluation mode. */
+    c &= ~DERR_SKIPPED; /* some object was not checked, e.g. passwd-protected
+                           archive */
     c &= ~DERR_READ_ERR; /* XXX for now: drweb return this on broken .doc */
 
     if (!c)

--------------B0D67DD412D32A4CD41FDB3E--