6622386 Modified bit is not set when a existing file is modified with an invalid scan engine configured

6634473 libvscan/Makefile.com contains unnecessary entries
6635736 SUNWvscanu packaging issues with snv_78.
6641932 vscan wasting system resources
6642770 when scan engine disabled its scanstamp still used in check if file's scanstamp is current
6642777 vscan kernel module unregistering from VFS immediately when daemon dies
6651761 Connection goes to CLOSE_WAIT when icap server closes connection

6 files changed, 184 insertions, 142 deletions

diff --git a/usr/src/cmd/vscan/vscand/vs_door.c b/usr/src/cmd/vscan/vscand/vs_door.c
index 9eb2b2d16e..1d2bbd522d 100644
--- a/usr/src/cmd/vscan/vscand/vs_door.c
+++ b/usr/src/cmd/vscan/vscand/vs_door.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -111,31 +111,30 @@ static void
 vs_door_scan_req(void *cookie, char *ptr, size_t size, door_desc_t *dp,
     uint_t n_desc)
 {
-	int flags = 0, access = VS_ACCESS_DENY;
+	int flags = 0;
 	vs_scan_req_t scan_rsp;
-	/* LINTED E_BAD_PTR_CAST_ALIGN - to be fixed with encoding */
-	vs_scan_req_t *scan_req = (vs_scan_req_t *)ptr;
-	char *fname = scan_req->vsr_path;
+	vs_scan_req_t *scan_req;
 	char devname[MAXPATHLEN];
-	uint64_t fsize = scan_req->vsr_size;
 	vs_attr_t fattr;
 
-	(void) snprintf(devname, MAXPATHLEN, "%s%d",
-	    VS_DRV_PATH, scan_req->vsr_id);
-	fattr.vsa_size = fsize;
-	fattr.vsa_modified = scan_req->vsr_modified;
-	fattr.vsa_quarantined = scan_req->vsr_quarantined;
-	(void) strlcpy(fattr.vsa_scanstamp, scan_req->vsr_scanstamp,
-	    sizeof (vs_scanstamp_t));
-
-	access = vs_svc_scan_file(devname, fname, &fattr, flags);
-
-	/* process result */
-	scan_rsp.vsr_access = access;
-	scan_rsp.vsr_modified = fattr.vsa_modified;
-	scan_rsp.vsr_quarantined = fattr.vsa_quarantined;
-	(void) strlcpy(scan_rsp.vsr_scanstamp, fattr.vsa_scanstamp,
-	    sizeof (vs_scanstamp_t));
+	if (ptr == NULL) {
+		scan_rsp.vsr_result = VS_STATUS_ERROR;
+		scan_rsp.vsr_scanstamp[0] = '\0';
+	} else {
+		/* LINTED E_BAD_PTR_CAST_ALIGN - to be fixed with encoding */
+		scan_req = (vs_scan_req_t *)ptr;
+		(void) snprintf(devname, MAXPATHLEN, "%s%d",
+		    VS_DRV_PATH, scan_req->vsr_id);
+
+		fattr.vsa_size = scan_req->vsr_size;
+		fattr.vsa_modified = scan_req->vsr_modified;
+		fattr.vsa_quarantined = scan_req->vsr_quarantined;
+		(void) strlcpy(fattr.vsa_scanstamp, scan_req->vsr_scanstamp,
+		    sizeof (vs_scanstamp_t));
+
+		scan_rsp.vsr_result = vs_svc_scan_file(devname,
+		    scan_req->vsr_path, &fattr, flags, &scan_rsp.vsr_scanstamp);
+	}
 
 	(void) door_return((char *)&scan_rsp, sizeof (vs_scan_req_t), NULL, 0);
 }
diff --git a/usr/src/cmd/vscan/vscand/vs_eng.c b/usr/src/cmd/vscan/vscand/vs_eng.c
index a6777360be..24ededc6af 100644
--- a/usr/src/cmd/vscan/vscand/vs_eng.c
+++ b/usr/src/cmd/vscan/vscand/vs_eng.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -116,15 +116,11 @@ vs_eng_init()
  *
  * Configure scan engine connections.
  *
- * The enable property is the single indicator that the engine
- * configuration is valid. Configuration is guaranteed (by the
- * library) to be consistent; if the host is invalid or unconfigured,
- * the enable setting will always be false.
- *
  * If a scan engine has been reconfigured (different host or port)
- * the scan engine's error count and statitics are reset, and
+ * the scan engine's error count is reset.
+ *
  * vs_icap_config is invoked to reset engine-specific data stored
- * in vs_icap
+ * in vs_icap.
  *
  */
 void
@@ -132,6 +128,7 @@ vs_eng_config(vs_props_all_t *config)
 {
 	int i;
 	vs_props_se_t *cfg;
+	vs_engine_t *eng;
 
 	(void) pthread_mutex_lock(&vs_eng_mutex);
 
@@ -140,21 +137,20 @@ vs_eng_config(vs_props_all_t *config)
 
 	for (i = 0; i < VS_SE_MAX; i++) {
 		cfg = &config->va_se[i];
+		eng = &vs_engines[i];
 
-		if (vs_eng_compare(i, cfg->vep_host, cfg->vep_port) != 0) {
-			vs_engines[i].vse_error = 0;
-			vs_icap_config(i, cfg->vep_host, cfg->vep_port);
-		}
+		if (vs_eng_compare(i, cfg->vep_host, cfg->vep_port) != 0)
+			eng->vse_error = 0;
 
 		if (cfg->vep_enable) {
-			vs_engines[i].vse_cfg = *cfg;
+			eng->vse_cfg = *cfg;
 			vs_eng_total_maxcon += cfg->vep_maxconn;
 			vs_eng_count++;
 		} else {
-			(void) memset(&vs_engines[i].vse_cfg, 0,
-			    sizeof (vs_props_se_t));
+			(void) memset(&eng->vse_cfg, 0, sizeof (vs_props_se_t));
 		}
 
+		vs_icap_config(i, eng->vse_cfg.vep_host, eng->vse_cfg.vep_port);
 	}
 
 	if ((vs_eng_total_maxcon <= 0) || (vs_eng_count == 0))
@@ -477,6 +473,8 @@ vs_eng_connect(vs_eng_conn_t *conn)
 	    &sock_opt, sizeof (sock_opt)) < 0) ||
 	    (setsockopt(conn->vsc_sockfd, SOL_SOCKET, SO_KEEPALIVE,
 	    &sock_opt, sizeof (sock_opt)) < 0)) {
+		syslog(LOG_WARNING, "Scan Engine - connection error (%s:%d) %s",
+		    conn->vsc_host, conn->vsc_port, strerror(errno));
 		(void) close(conn->vsc_sockfd);
 		conn->vsc_sockfd = -1;
 		return (-1);
@@ -553,10 +551,11 @@ vs_eng_scanstamp_current(vs_scanstamp_t scanstamp)
 	if (scanstamp[0] == '\0')
 		return (0);
 
-	/* if scanstamp matches that of any engine with no errors */
+	/* if scanstamp matches that of any enabled engine with no errors */
 	(void) pthread_mutex_lock(&vs_eng_mutex);
 	for (i = 0; i < VS_SE_MAX; i++) {
-		if ((vs_engines[i].vse_error == 0) &&
+		if ((vs_engines[i].vse_cfg.vep_enable) &&
+		    (vs_engines[i].vse_error == 0) &&
 		    (vs_icap_compare_scanstamp(i, scanstamp) == 0))
 			break;
 	}
diff --git a/usr/src/cmd/vscan/vscand/vs_icap.c b/usr/src/cmd/vscan/vscand/vs_icap.c
index 672e36d363..cb970ffe32 100644
--- a/usr/src/cmd/vscan/vscand/vs_icap.c
+++ b/usr/src/cmd/vscan/vscand/vs_icap.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -198,7 +198,7 @@ vs_icap_fini()
 /*
  * vs_icap_config
  *
- * When a new NAS AVA configuration is specified, this will be
+ * When a new VSCAN configuration is specified, this will be
  * called per scan engine. If the scan engine host or port has
  * changed delete the vs_options entry for that scan engine.
  */
@@ -242,7 +242,7 @@ vs_icap_scan_file(vs_eng_conn_t *conn, char *devname, char *fname,
 	int fd;
 
 	if ((fd = open(devname, O_RDONLY)) == -1) {
-		syslog(LOG_ERR, "Failed to open device %s\n", devname);
+		syslog(LOG_ERR, "Failed to open device %s", devname);
 		result->vsr_rc = VS_RESULT_ERROR;
 		return (result->vsr_rc);
 	}
@@ -1271,12 +1271,16 @@ vs_icap_readline(vs_scan_ctx_t *ctx, char *buf, int buflen)
 		errno = 0;
 		retval = recv(ctx->vsc_sockfd, &c, 1, 0);
 
-		if (retval < 0 && errno != EINTR)
-			return (-1);
-
-		if (retval <= 0)
+		if (retval < 0 && errno == EINTR)
 			continue;
 
+		if (retval <= 0) {
+			syslog(LOG_ERR, "Error receiving data from Scan Engine:"
+			    " %s", retval == 0 ? "Scan Engine disconnected"
+			    : strerror(errno));
+			return (-1);
+		}
+
 		buf[i++] = c;
 		if (c == '\n')
 			break;
diff --git a/usr/src/cmd/vscan/vscand/vs_incl.h b/usr/src/cmd/vscan/vscand/vs_incl.h
index 034a49ca44..9977f2a1c2 100644
--- a/usr/src/cmd/vscan/vscand/vs_incl.h
+++ b/usr/src/cmd/vscan/vscand/vs_incl.h
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -43,7 +43,7 @@ extern "C" {
 #include <sys/vscan.h>
 #include <libvscan.h>
 
-/* vscan result code - "scan_ret_code" field of vs_result_t */
+/* vscan result code - "vsr_rc" field of vs_result_t */
 #define	VS_RESULT_SE_ERROR    	-2 /* scan engine i/f error */
 #define	VS_RESULT_ERROR    	-1
 #define	VS_RESULT_UNDEFINED	0
@@ -99,7 +99,7 @@ typedef struct vs_eng_conn {
 	int vsc_sockfd;
 	struct vs_eng_conn *vsc_next;
 	struct vs_eng_conn *vsc_prev;
-}vs_eng_conn_t;
+} vs_eng_conn_t;
 
 
 /* file attributes used by virus scanning */
@@ -120,7 +120,7 @@ void vs_door_fini(void);
 
 void vs_svc_init(void);
 void vs_svc_fini(void);
-int vs_svc_scan_file(char *, char *, vs_attr_t *, int);
+int vs_svc_scan_file(char *, char *, vs_attr_t *, int, vs_scanstamp_t *);
 
 void vs_eng_init(void);
 void vs_eng_fini(void);
diff --git a/usr/src/cmd/vscan/vscand/vs_svc.c b/usr/src/cmd/vscan/vscand/vs_svc.c
index 5f8f0060be..d0fee6db30 100644
--- a/usr/src/cmd/vscan/vscand/vs_svc.c
+++ b/usr/src/cmd/vscan/vscand/vs_svc.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -43,7 +43,6 @@
 #include "vs_incl.h"
 
 /* local functions */
-static int  vs_svc_process_scan_result(vs_attr_t *, vs_result_t *);
 static void vs_svc_vlog(char *, vs_result_t *);
 static void vs_svc_audit(char *, vs_result_t *);
 
@@ -74,25 +73,35 @@ vs_svc_fini()
  *  - updating scan statistics
  *  - logging virus information
  *
+ *
  * Returns:
- *  VS_ACCESS_ALLOW, VS_ACCESS_DENY
+ *  VS_STATUS_NO_SCAN - scan not reqd, or daemon shutting down
+ *  VS_STATUS_CLEAN - scan success. File clean.
+ *                    new scanstamp returned in scanstamp param.
+ *  VS_STATUS_INFECTED - scan success. File infected.
+ *  VS_STATUS_ERROR - scan failure either in vscand or scan engine.
  */
 int
-vs_svc_scan_file(char *devname, char *fname, vs_attr_t *fattr, int flags)
+vs_svc_scan_file(char *devname, char *fname, vs_attr_t *fattr, int flags,
+    vs_scanstamp_t *scanstamp)
 {
 	vs_eng_conn_t conn;
-	int access = VS_ACCESS_UNDEFINED;
-	int rc, retries;
+	int retries;
 	vs_result_t result;
 
-	/* deny access to quarantined files */
+	/* initialize response scanstamp to current scanstamp value */
+	(void) strlcpy(*scanstamp, fattr->vsa_scanstamp,
+	    sizeof (vs_scanstamp_t));
+
+
+	/* No scan if file quarantined */
 	if (fattr->vsa_quarantined)
-		return (VS_ACCESS_DENY);
+		return (VS_STATUS_NO_SCAN);
 
-	/* allow access if not modified & scanstamp current */
-	if ((fattr->vsa_modified  == 0) &&
+	/* No scan if file not modified AND scanstamp is current */
+	if ((fattr->vsa_modified == 0) &&
 	    vs_eng_scanstamp_current(fattr->vsa_scanstamp)) {
-		return (VS_ACCESS_ALLOW);
+		return (VS_STATUS_NO_SCAN);
 	}
 
 	(void) memset(&result, 0, sizeof (vs_result_t));
@@ -101,109 +110,67 @@ vs_svc_scan_file(char *devname, char *fname, vs_attr_t *fattr, int flags)
 	for (retries = 0; retries <= VS_MAX_RETRY; retries++) {
 		/* identify available engine connection */
 		if (vs_eng_get(&conn, retries) != 0) {
-			rc = VS_RESULT_ERROR;
+			result.vsr_rc = VS_RESULT_ERROR;
 			continue;
 		}
 
 		/* connect to engine and scan file */
-		if (vs_eng_connect(&conn) != 0)
-			rc = VS_RESULT_SE_ERROR;
-		else {
+		if (vs_eng_connect(&conn) != 0) {
+			result.vsr_rc = VS_RESULT_SE_ERROR;
+		} else {
 			if (vscand_get_state() == VS_STATE_SHUTDOWN) {
 				vs_eng_release(&conn);
-				return (VS_ACCESS_ALLOW);
+				return (VS_STATUS_NO_SCAN);
 			}
 
-			rc = vs_icap_scan_file(&conn, devname, fname,
+			(void) vs_icap_scan_file(&conn, devname, fname,
 			    fattr->vsa_size, flags, &result);
 		}
 
 		/* if no error, clear error state on engine and break */
-		if ((rc != VS_RESULT_SE_ERROR) && (rc != VS_RESULT_ERROR)) {
+		if ((result.vsr_rc != VS_RESULT_SE_ERROR) &&
+		    (result.vsr_rc != VS_RESULT_ERROR)) {
 			vs_eng_set_error(&conn, 0);
 			vs_eng_release(&conn);
 			break;
 		}
 
-		/* if scan failed due to shutdown, allow access */
+		/* treat error on shutdown as scan not required */
 		if (vscand_get_state() == VS_STATE_SHUTDOWN) {
 			vs_eng_release(&conn);
-			return (VS_ACCESS_ALLOW);
+			return (VS_STATUS_NO_SCAN);
 		}
 
 		/* set engine's error state and update engine stats */
-		if (rc == VS_RESULT_SE_ERROR) {
+		if (result.vsr_rc == VS_RESULT_SE_ERROR) {
 			vs_eng_set_error(&conn, 1);
 			vs_stats_eng_err(conn.vsc_engid);
 		}
 		vs_eng_release(&conn);
 	}
 
-	vs_stats_set(rc);
+	vs_stats_set(result.vsr_rc);
 
-	/* if file infected, update virus log and write audit record */
+	/*
+	 * VS_RESULT_CLEANED - file infected, cleaned data available
+	 * VS_RESULT_FORBIDDEN - file infected, no cleaned data
+	 * Log virus, write audit record and return INFECTED status
+	 */
 	if (result.vsr_rc == VS_RESULT_CLEANED ||
 	    result.vsr_rc == VS_RESULT_FORBIDDEN) {
 		vs_svc_vlog(fname, &result);
 		vs_svc_audit(fname, &result);
+		return (VS_STATUS_INFECTED);
 	}
 
-	access = vs_svc_process_scan_result(fattr, &result);
-
-	return (access);
-}
-
-
-/*
- * vs_svc_process_scan_result
- *
- * Translate the scan result into VS_ACCESS_ALLOW or VS_ACCESS_DENY.
- * If the scan failed (VS_RESULT_ERROR) deny access if the
- * scan was initiated because the file had been modified or
- * had never been scanned. Otherwise allow access.
- *
- *   If file has been modified or has never been scanned, it must
- *   be successfully scanned before access is allowed
- *
- *   If the file has previously been scanned and has not been
- *   modified, don't deny access if scan fail, only if the file
- *   is found to be infected.
- *
- * If the file is still infected set quarantine attribute,
- * otherwise clear modified attribute.
- *
- * Returns: VS_ACCESS_ALLOW, VS_ACCESS_DENY
- */
-static int
-vs_svc_process_scan_result(vs_attr_t *fattr, vs_result_t *result)
-{
-	int access = VS_ACCESS_DENY;
-
-	switch (result->vsr_rc) {
-	case VS_RESULT_CLEANED:
-	case VS_RESULT_FORBIDDEN:
-		fattr->vsa_scanstamp[0] = '\0';
-		fattr->vsa_quarantined = 1;
-		access = VS_ACCESS_DENY;
-		break;
-	case VS_RESULT_CLEAN:
-		(void) strlcpy(fattr->vsa_scanstamp, result->vsr_scanstamp,
+	/* VS_RESULT_CLEAN - Set the scanstamp and return CLEAN status */
+	if (result.vsr_rc == VS_RESULT_CLEAN) {
+		(void) strlcpy(*scanstamp, result.vsr_scanstamp,
 		    sizeof (vs_scanstamp_t));
-		fattr->vsa_modified = 0;
-		access = VS_ACCESS_ALLOW;
-		break;
-	case VS_RESULT_ERROR:
-	case VS_RESULT_SE_ERROR:
-	case VS_RESULT_UNDEFINED:
-	default:
-		if ((fattr->vsa_modified) || (fattr->vsa_scanstamp[0] == '\0'))
-			access = VS_ACCESS_DENY;
-		else
-			access = VS_ACCESS_ALLOW;
-		break;
+		return (VS_STATUS_CLEAN);
 	}
 
-	return (access);
+	return (VS_STATUS_ERROR);
 }
 
 
diff --git a/usr/src/cmd/vscan/vscand/vscan.d b/usr/src/cmd/vscan/vscand/vscan.d
index 050fb24c72..f7a16172d6 100755
--- a/usr/src/cmd/vscan/vscand/vscan.d
+++ b/usr/src/cmd/vscan/vscand/vscan.d
@@ -20,7 +20,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -62,8 +62,7 @@ sdt:vscan::vscan-wait-scan
 
 sdt:vscan::vscan-wait-slot
 {
-	printf("%s",
-		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path));
+	printf("%s", stringof(arg0));
 }
 
 sdt:vscan::vscan-insert
@@ -76,7 +75,7 @@ sdt:vscan::vscan-release
 	printf("idx: %d - %s", arg1, stringof(arg0));
 }
 
-sdt:vscan::vscan-attr
+sdt:vscan::vscan-getattr
 {
 	printf("%s, m: %d, q: %d, scanstamp: %s",
 		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path),
@@ -85,7 +84,47 @@ sdt:vscan::vscan-attr
 		stringof(((vscan_file_t *)arg0)->vsf_scanstamp));
 }
 
+sdt:vscan::vscan-setattr
+{
+	/* XAT_AV_QUARANTINED */
+	printf("%s", (arg1 & 0x400) == 0 ? "" :
+	    ((vscan_file_t *)arg0)->vsf_quarantined ? "q: 1, " : "q: 0, ");
+
+	/* XAT_AV_MODIFIED */
+	printf("%s", (arg1 & 0x800) == 0 ? "" :
+	    ((vscan_file_t *)arg0)->vsf_modified ? "m: 1, " : "m: 0, ");
+
+	/* XAT_AV_SCANSTAMP */
+	printf("%s", (arg1 & 0x1000) == 0 ? "" : "scanstamp: ");
+	printf("%s", (arg1 & 0x1000) == 0 ? "" :
+	    stringof(((vscan_file_t *)arg0)->vsf_scanstamp));
+}
+
 
+sdt:vscan::vscan-mtime-changed
+{
+	printf("%s",
+		stringof(((vscan_file_t *)arg0)->vsf_req.vsr_vp->v_path));
+}
+
+
+sdt:vscan::vscan-result
+{
+	printf("VS_STATUS_%s - VS_ACCESS_%s",
+	    arg0 == 0 ? "UNDEFINED" :
+	    arg0 == 1 ? "NO_SCAN" :
+	    arg0 == 2 ? "ERROR" :
+	    arg0 == 3 ? "CLEAN" :
+	    arg0 == 4 ? "INFECTED" : "XXX unknown",
+	    arg1 == 0 ? "UNDEFINED" :
+	    arg1 == 1 ? "ALLOW" : "DENY");
+}
+
+
+fbt:vscan:vscan_svc_enable:entry,
+fbt:vscan:vscan_svc_enable:return,
+fbt:vscan:vscan_svc_disable:entry,
+fbt:vscan:vscan_svc_disable:return,
 fbt:vscan:vscan_svc_configure:entry,
 fbt:vscan:vscan_svc_configure:return,
 fbt:vscan:vscan_svc_exempt_filetype:entry,
@@ -114,10 +153,16 @@ fbt:vscan:vscan_door_scan_file:entry
 }
 fbt:vscan:vscan_door_scan_file:return
 {
+	printf("%s", args[1] == 0 ? "success" : "error");
 }
 
 /* vscan_drv.c */
 
+sdt:vscan::vscan-minor-node
+{
+	printf("vscan%d %s", arg0, arg1 != 0 ? "created" : "error");
+}
+
 /*
  * unprivileged vscan driver access attempt
  */
@@ -145,9 +190,36 @@ fbt:vscan:vscan_drv_close:entry
 fbt:vscan:vscan_drv_ioctl:entry
 / (int)args[0] == 0/
 {
-	printf("vscan daemon ioctl %d", args[1]);
+	printf("vscan daemon ioctl %d %s", args[1],
+		args[1] == 1 ? "ENABLE" :
+		args[1] == 2 ? "DISABLE" :
+		args[1] == 4 ? "CONFIG" : "unknown");
+}
+
+fbt:vscan:vscan_drv_delayed_disable:entry,
+fbt:vscan:vscan_drv_delayed_disable:return
+{
+}
+
+sdt:vscan::vscan-reconnect
+{
+}
+
+/*
+fbt:vscan:vscan_drv_attach:entry,
+fbt:vscan:vscan_drv_attach:return,
+fbt:vscan:vscan_drv_detach:entry,
+fbt:vscan:vscan_drv_detach:return
+{
 }
 
+fbt:vscan:vscan_drv_in_use:return,
+fbt:vscan:vscan_svc_in_use:return
+{
+	printf("%s", args[1] ? "in use" : "not in use");
+}
+*/
+
 
 /*
  * file access
@@ -169,8 +241,6 @@ fbt:vscan:vscan_drv_read:entry
 */
 
 
-
-
 /*
  *** vscan daemon - vscand ***
  */
@@ -184,10 +254,12 @@ pid$target::vs_icap_scan_file:entry
 
 pid$target::vs_svc_scan_file:return
 {
-	printf("%s",
-	    arg1 == 0 ? "scan required" :
-	    arg1 == 1 ? "ALLOW" :
-	    arg1 == 2 ? "DENY" : "UNKNOWN");
+	printf("VS_STATUS_%s",
+	    arg1 == 0 ? "UNDEFINED" :
+	    arg1 == 1 ? "NO_SCAN" :
+	    arg1 == 2 ? "ERROR" :
+	    arg1 == 3 ? "CLEAN" :
+	    arg1 == 4 ? "INFECTED" : "XXX unknown");
 }
 
 pid$target::vs_eng_scanstamp_current:return
@@ -197,17 +269,18 @@ pid$target::vs_eng_scanstamp_current:return
 
 pid$target::vs_icap_scan_file:return
 {
-	printf("%ld %s", arg1, arg1 == 0 ? "VSCAN_UNDEFINED" :
-	    arg1 == 1 ? "VSCAN_CLEAN" :
-	    arg1 == 2 ? "VSCAN_CLEANED" :
-	    arg1 == 3 ? "VSCAN_FORBIDDEN" : "VSCAN_(SE)_ERROR");
+	printf("%ld VS_RESULT_%s", arg1,
+	    arg1 == 0 ? "UNDEFINED" :
+	    arg1 == 1 ? "CLEAN" :
+	    arg1 == 2 ? "CLEANED" :
+	    arg1 == 3 ? "FORBIDDEN" : "(SE)_ERROR");
 }
 
 pid$target::vs_stats_set:entry
 {
 	printf("%s", (arg0 == 1) ? "CLEAN" :
 		(arg0 == 2) ? "CLEANED" :
-		(arg0 == 3) ? "QUARANTINE" : "SCAN ERROR");
+		(arg0 == 3) ? "QUARANTINE" : "ERROR");
 }
 
 pid$target::vs_stats_set:return