[Fix] F-PROT Antivirus: only check return code to determine infection 2002/head
authorArne Fahrenwalde <macgeneral@macgeneral.de>
Mon, 29 Jan 2018 08:41:00 +0000 (09:41 +0100)
committerArne Fahrenwalde <macgeneral@macgeneral.de>
Mon, 29 Jan 2018 08:41:00 +0000 (09:41 +0100)
F-PROT Antivirus uses return codes 1-3 (infected, suspicious, both) to signal an infection, while 4-255 are various error codes (including cases where infected files were found before the error occurred, but it's too complicated to handle all those edge-case scenarios).

src/plugins/lua/antivirus.lua

index c35b8cfd619d8879abc4dfa2db5779820889ed5e..4b69b88504b11456d6415e4246407f19513562eb 100644 (file)
@@ -410,7 +410,9 @@ local function fprot_check(task, rule)
             rspamd_logger.infox(task, '%s [%s]: message is clean', rule['symbol'], rule['type'])
           end
         else
-          local vname = string.match(data, '^1 <.*infected.*: (.-)>')
+          -- returncodes: 1: infected, 2: suspicious, 3: both, 4-255: some error occured
+          -- see http://www.f-prot.com/support/helpfiles/unix/appendix_c.html for more detail
+          local vname = string.match(data, '^[1-3] <[%w%s]-: (.-)>')
           if not vname then
             rspamd_logger.errx(task, 'Unhandled response: %s', data)
           else
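Review bot: The new match on the `local vname` line still depends on the wording of the response, not only on the return code. `[%w%s]-` admits just alphanumerics and whitespace between `<` and `: `, so a 1-3 reply whose description contains punctuation, or that has no `: name` part, leaves `vname` nil and is logged as 'Unhandled response'. What happens to the task after that log call is outside the hunk, but if no symbol is inserted there, an infected message would pass as if it had not been flagged. A fallback right after the match would make any 1-3 code flag the message: `if not vname and string.match(data, '^[1-3] ') then vname = 'unknown' end`. The added comment could also say that codes 4-255 are deliberately treated as scanner errors even when infected files were seen before the error, so the fail-open choice is visible to the next maintainer.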