Bug#786392: exim4-daemon-heavy: av_scanner + cmdline: wrong return code detected

Martin Schirrmacher schirrmie at gmail.com
Thu May 21 09:02:11 UTC 2015

Package: exim4-daemon-heavy
Version: 4.85-3
Severity: minor

Dear Maintainer,

I use following line in my exim config for av_scanner
    av_scanner = cmdline: /usr/bin/bdscan_exim_wrapper %s: infected: (.+)
The wrapper is a simple bash script. If I exit the script with "exit 0"
all is fine. If I exit the script with "exit 1", I'll get the following
line in /var/log/exim4/mainlog:
    "malware acl condition: cmdline: scanner returned error code: 256"
If I exit the script with "exit 2", I'll get these line in log:
    "malware acl condition: cmdline: scanner returned error code: 512"

I think the bug is in src/malware.c 
    sep = pclose(scanner_out);
This should be:
    sep = WEXITSTATUS(pclose(scanner_out));

This is a patch for 4.85
--- src/malware.c       2015-05-21 10:52:43.676273516 +0200
+++ src/malware.c       2015-05-21 10:53:00.868563036 +0200
@@ -951,7 +951,7 @@

-       sep = pclose(scanner_out);
+       sep = WEXITSTATUS(pclose(scanner_out));
        signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe);
        if (sep != 0)
            return m_errlog_defer(scanent,

I don't know how to attach this as a file?!?

Apologize if I have made false or erroneous information, this is my
first bug report

Martin Schirrmacher

-- Package-specific info:
Exim version 4.85 #2 built 28-Apr-2015 18:25:19
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime PRDR OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
# This is a Debian specific file

dc_local_interfaces=' ; ::1'

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  exim4-base             4.85-3
ii  libc6                  2.19-18
ii  libdb5.3               5.3.28-9
ii  libgnutls-deb0-28      3.3.8-6
ii  libldap-2.4-2          2.4.40+dfsg-1
ii  libmysqlclient18       5.5.43-0+deb8u1
ii  libpam0g               1.1.8-3.1
ii  libpcre3               2:8.35-3.3
ii  libperl5.20            5.20.2-3
ii  libpq5                 9.4.1-1
ii  libsasl2-2             2.1.26.dfsg1-13
ii  libsqlite3-0 

exim4-daemon-heavy recommends no packages.

exim4-daemon-heavy suggests no packages.

-- debconf information:

More information about the Pkg-exim4-maintainers mailing list