[Mimedefang] Interesting return code from TrendMicro
Stephen Smoogen
smoogen at lanl.gov
Wed Apr 7 18:39:51 EDT 2004
On Tue, 2004-04-06 at 17:52, Stephen Smoogen wrote:
> [root at mailproxy log]# rpm -q viruswall
> viruswall-3.8-7.LANL_rhel.3
> [root at mailproxy log]# rpm -q mimedefang
> mimedefang-2.41-1.LANL_rhel.3
>
> For some reason, this combination worked with 2.35/2.39 without any
> problems. However, now I keep getting tempfail actions in the
> interpret_trend_code subroutine. A lot of debugging statements, and it
> seems to be that something is returning the code 6 versus the other
> codes of 1 2
>
> running the scan by hand on the test message gives me a return code of 1
> so I am not sure what is giving it a 6?
>
> $VirusScannerMessages .= $msg;
> $CurrentVirusScannerMessage = $msg;
> $retcode = $? / 256;
> return ($retcode, 'ok', 'proceed');
>
> The return from that procedure was
>
> 6 ok proceed
>
> Sticking in another cave-man debug to print out $? I see that if I have
> 1 eicar virus I get 512
> 2 eicar virus I get 1024
> 3 eicar virus I get 1536
>
Ok the two issues is that for some reason the $retcode needs to be
divided by 512 on Red Hat Enterprise 3 (perl 5.8 etc)
The second issue is that the logic in interpret_trend_code might need
some fixing..
sub interpret_trend_code ($) {
my($code) = @_;
# OK
return ($code, 'ok', 'ok') if ($code == 0);
# virus found
if ($code == 1 or $code == 2 or $code == 3 or $code == 4) {
...
maybe
if ($code >=1 and $code <=999) {
?
> Hmmm I think I know the problem.. just not the fix.
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- You should consider any operational computer to be a security problem --
More information about the MIMEDefang
mailing list