[Fix] F-PROT Antivirus: only check return code to determine infection

F-PROT Antivirus uses return codes 1-3 (infected, suspicious, both) to signal an infection, while 4-255 are various error codes (including infected files were found before the error occured, but it's too complicated to handle all that edge case scenarios).
Conflicts:
	src/plugins/lua/antivirus.lua

diff --git a/src/plugins/lua/antivirus.lua b/src/plugins/lua/antivirus.lua
index d02cbb78c30954c1bbb0d06998b8f9e52b66bcf4..1ec51dae1a51c314d099bef26a575a17bbcdd38e 100644 (file)
--- a/src/plugins/lua/antivirus.lua
+++ b/src/plugins/lua/antivirus.lua
@@ -391,7 +391,9 @@ local function fprot_check(task, rule)
             rspamd_logger.infox(task, '%s [%s]: message is clean', rule['symbol'], rule['type'])
           end
         else
-          local vname = string.match(data, '^1 <infected: (.-)>')
+          -- returncodes: 1: infected, 2: suspicious, 3: both, 4-255: some error occured
+          -- see http://www.f-prot.com/support/helpfiles/unix/appendix_c.html for more detail
+          local vname = string.match(data, '^[1-3] <[%w%s]-: (.-)>')
           if not vname then
             rspamd_logger.errx(task, 'Unhandled response: %s', data)
           else