local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"
-local module_name = "clamav"
+local N = "clamav"
local default_message = '${SCANNER}: virus found: "${VIRUS}"'
local function clamav_config(opts)
local clamav_conf = {
- module_name = module_name,
+ N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
clamav_conf.default_port)
if clamav_conf['upstreams'] then
- lua_util.add_debug_alias('antivirus', clamav_conf.module_name)
+ lua_util.add_debug_alias('antivirus', clamav_conf.N)
return clamav_conf
end
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task, '%s: retry IP: %s', rule.log_prefix, addr)
+ lua_util.debugm(rule.N, task, '%s: retry IP: %s', rule.log_prefix, addr)
tcp.request({
task = task,
upstream:ok()
data = tostring(data)
local cached
- lua_util.debugm(rule.module_name, task, '%s: got reply: %s', rule.log_prefix, data)
+ lua_util.debugm(rule.N, task, '%s: got reply: %s', rule.log_prefix, data)
if data == 'stream: OK' then
cached = 'OK'
if rule['log_clean'] then
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix)
else
- lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix)
+ lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix)
end
else
local vname = string.match(data, 'stream: (.+) FOUND')
description = 'clamav antivirus',
configure = clamav_config,
check = clamav_check,
- name = module_name
+ name = N
}
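Review bot: The conf-table field renamed here (`module_name = module_name` to `N = N` in clamav_config, and likewise in the dcc, fprot, icap, kaspersky, oletools, savapi and sophos sections) is read across module boundaries as `rule.N`, so any code outside this diff that still reads `rule.module_name` would presumably now get nil for its debug-module argument. `lua_scanners/common` is required by each of these files but is not shown on this page, so it and any remaining scanners are worth grepping for `module_name` before merging. A one-letter field sitting beside options such as `scan_mime_parts` is also easy to misread, so I would comment it where it is set, e.g. `N = N, -- module name; debug-module tag passed to lua_util.debugm / add_debug_alias`. The enclosing functions start and end outside the visible hunks.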
local common = require "lua_scanners/common"
local fun = require "fun"
-local module_name = 'dcc'
+local N = 'dcc'
local function dcc_check(task, content, digest, rule)
local function dcc_check_uncached ()
retransmits = retransmits - 1
- lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
+ lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, err, retransmits)
-- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
+ lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port())
tcp.request({
-- Parse the response
if upstream then upstream:ok() end
local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n")
- lua_util.debugm(rule.module_name, task, 'DCC result=%1 disposition=%2 header="%3"',
+ lua_util.debugm(rule.N, task, 'DCC result=%1 disposition=%2 header="%3"',
result, disposition, header)
if header then
rspamd_logger.infox(task, '%s: clean, returned result A - info: %s',
rule.log_prefix, info)
else
- lua_util.debugm(rule.module_name, task, '%s: returned result A - info: %s',
+ lua_util.debugm(rule.N, task, '%s: returned result A - info: %s',
rule.log_prefix, info)
end
end
if rule.log_clean then
rspamd_logger.infox(task, '%s: clean, returned result G - info: %s', rule.log_prefix, info)
else
- lua_util.debugm(rule.module_name, task, '%s: returned result G - info: %s', rule.log_prefix, info)
+ lua_util.debugm(rule.N, task, '%s: returned result G - info: %s', rule.log_prefix, info)
end
elseif result == 'S' then
-- do nothing
if rule.log_clean then
rspamd_logger.infox(task, '%s: clean, returned result S - info: %s', rule.log_prefix, info)
else
- lua_util.debugm(rule.module_name, task, '%s: returned result S - info: %s', rule.log_prefix, info)
+ lua_util.debugm(rule.N, task, '%s: returned result S - info: %s', rule.log_prefix, info)
end
else
-- Unknown result
local function dcc_config(opts)
local dcc_conf = {
- module_name = module_name,
+ N = N,
default_port = 10045,
timeout = 5.0,
log_clean = false,
dcc_conf.default_port)
if dcc_conf.upstreams then
- lua_util.add_debug_alias('external_services', dcc_conf.module_name)
+ lua_util.add_debug_alias('external_services', dcc_conf.N)
return dcc_conf
end
description = 'dcc bulk scanner',
configure = dcc_config,
check = dcc_check,
- name = module_name
+ name = N
}
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"
-local module_name = "fprot"
+local N = "fprot"
local default_message = '${SCANNER}: virus found: "${VIRUS}"'
local function fprot_config(opts)
local fprot_conf = {
- module_name = module_name,
+ N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
fprot_conf.default_port)
if fprot_conf['upstreams'] then
- lua_util.add_debug_alias('antivirus', fprot_conf.module_name)
+ lua_util.add_debug_alias('antivirus', fprot_conf.N)
return fprot_conf
end
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
+ lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
tcp.request({
task = task,
description = 'fprot antivirus',
configure = fprot_config,
check = fprot_check,
- name = module_name
+ name = N
}
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"
-local module_name = 'icap'
+local N = 'icap'
local function icap_check(task, content, digest, rule)
local function icap_check_uncached ()
"Encapsulated: null-body=0\r\n\r\n",
}
local size = string.format("%x", tonumber(#content))
- lua_util.debugm(rule.module_name, task, '%s: size: %s', rule.log_prefix, size)
+ lua_util.debugm(rule.N, task, '%s: size: %s', rule.log_prefix, size)
local function get_respond_query()
table.insert(respond_headers, 1, 'RESPMOD icap://' .. addr:to_string() .. ':' .. addr:get_port() .. '/'
icap_headers[key] = value
end
end
- lua_util.debugm(rule.module_name, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers)
+ lua_util.debugm(rule.N, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers)
return icap_headers
end
if icap_headers['X-Infection-Found'] ~= nil then
pattern_symbols = "(Type%=%d; .* Threat%=)(.*)([;]+)"
match = string.gsub(icap_headers['X-Infection-Found'], pattern_symbols, "%2")
- lua_util.debugm(rule.module_name, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match)
+ lua_util.debugm(rule.N, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match)
table.insert(threat_string, match)
elseif icap_headers['X-Virus-ID'] ~= nil then
- lua_util.debugm(rule.module_name, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID'])
+ lua_util.debugm(rule.N, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID'])
table.insert(threat_string, icap_headers['X-Virus-ID'])
end
retransmits = retransmits - 1
- lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
+ lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, error, retransmits)
-- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
+ lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port())
tcp.request({
local function icap_config(opts)
local icap_conf = {
- module_name = module_name,
+ N = N,
scan_mime_parts = true,
scan_all_mime_parts = true,
scan_text_mime = false,
icap_conf.default_port)
if icap_conf.upstreams then
- lua_util.add_debug_alias('external_services', icap_conf.module_name)
+ lua_util.add_debug_alias('external_services', icap_conf.N)
return icap_conf
end
end
return {
- type = {module_name,'virus', 'virus', 'scanner'},
+ type = {N,'virus', 'virus', 'scanner'},
description = 'generic icap antivirus',
configure = icap_config,
check = icap_check,
- name = module_name
+ name = N
}
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"
-local module_name = "kaspersky"
+local N = "kaspersky"
local default_message = '${SCANNER}: virus found: "${VIRUS}"'
local function kaspersky_config(opts)
local kaspersky_conf = {
- module_name = module_name,
+ N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
kaspersky_conf['servers'], 0)
if kaspersky_conf['upstreams'] then
- lua_util.add_debug_alias('antivirus', kaspersky_conf.module_name)
+ lua_util.add_debug_alias('antivirus', kaspersky_conf.N)
return kaspersky_conf
end
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task,
+ lua_util.debugm(rule.N, task,
'%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
tcp.request({
upstream:ok()
data = tostring(data)
local cached
- lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s',
+ lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s',
rule['symbol'], rule['type'], data)
if data == 'stream: OK' or data == fname .. ': OK' then
cached = 'OK'
description = 'kaspersky antivirus',
configure = kaspersky_config,
check = kaspersky_check,
- name = module_name
+ name = N
}
local ucl = require "ucl"
local common = require "lua_scanners/common"
-local module_name = 'oletools'
+local N = 'oletools'
local function oletools_check(task, content, digest, rule)
local function oletools_check_uncached ()
retransmits = retransmits - 1
- lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
+ lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, error, retransmits)
-- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
+ lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port())
tcp.request({
local m_dridex = '-'
local m_vba = '-'
- lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
- lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type'])
+ lua_util.debugm(rule.N, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
+ lua_util.debugm(rule.N, task, '%s: type: %s', rule.log_prefix, result[2]['type'])
for _,m in ipairs(result[2]['macros']) do
- lua_util.debugm(rule.module_name, task, '%s: macros found - code: %s, ole_stream: %s, '..
+ lua_util.debugm(rule.N, task, '%s: macros found - code: %s, ole_stream: %s, '..
'vba_filename: %s', rule.log_prefix, m.code, m.ole_stream, m.vba_filename)
end
local analysis_keyword_table = {}
for _,a in ipairs(result[2]['analysis']) do
- lua_util.debugm(rule.module_name, task, '%s: threat found - type: %s, keyword: %s, '..
+ lua_util.debugm(rule.N, task, '%s: threat found - type: %s, keyword: %s, '..
'description: %s', rule.log_prefix, a.type, a.keyword, a.description)
if a.type == 'AutoExec' then
m_autoexec = 'A'
if rule.extended == false and m_autoexec == 'A' and m_suspicious == 'S' then
-- use single string as virus name
local threat = 'AutoExec + Suspicious (' .. table.concat(analysis_keyword_table, ',') .. ')'
- lua_util.debugm(rule.module_name, task, '%s: threat result: %s', rule.log_prefix, threat)
+ lua_util.debugm(rule.N, task, '%s: threat result: %s', rule.log_prefix, threat)
common.yield_result(task, rule, threat, rule.default_score)
common.save_av_cache(task, digest, rule, threat, rule.default_score)
m_vba
table.insert(analysis_keyword_table, 1, flags)
- lua_util.debugm(rule.module_name, task, '%s: extended threat result: %s',
+ lua_util.debugm(rule.N, task, '%s: extended threat result: %s',
rule.log_prefix, table.concat(analysis_keyword_table, ','))
common.yield_result(task, rule, analysis_keyword_table, rule.default_score)
local function oletools_config(opts)
local oletools_conf = {
- module_name = module_name,
+ N = N,
scan_mime_parts = false,
scan_text_mime = false,
scan_image_mime = false,
oletools_conf.default_port)
if oletools_conf.upstreams then
- lua_util.add_debug_alias('external_services', oletools_conf.module_name)
+ lua_util.add_debug_alias('external_services', oletools_conf.N)
return oletools_conf
end
end
return {
- type = {module_name,'attachment scanner', 'hash', 'scanner'},
+ type = {N,'attachment scanner', 'hash', 'scanner'},
description = 'oletools office macro scanner',
configure = oletools_config,
check = oletools_check,
- name = module_name
+ name = N
}
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"
-local module_name = "savapi"
+local N = "savapi"
local default_message = '${SCANNER}: virus found: "${VIRUS}"'
local function savapi_config(opts)
local savapi_conf = {
- module_name = module_name,
+ N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
savapi_conf.default_port)
if savapi_conf['upstreams'] then
- lua_util.add_debug_alias('antivirus', savapi_conf.module_name)
+ lua_util.add_debug_alias('antivirus', savapi_conf.N)
return savapi_conf
end
for virus,_ in pairs(vnames) do
table.insert(vnames_reordered, virus)
end
- lua_util.debugm(rule.module_name, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered)
+ lua_util.debugm(rule.N, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered)
if #vnames_reordered > 0 then
local vname = {}
for _,virus in ipairs(vnames_reordered) do
local function savapi_scan2_cb(err, data, conn)
local result = tostring(data)
- lua_util.debugm(rule.module_name, task, "%s: got reply: %s",
+ lua_util.debugm(rule.N, task, "%s: got reply: %s",
rule['type'], result)
-- Terminal response - clean
local function savapi_greet2_cb(err, data, conn)
local result = tostring(data)
if string.find(result, '100 PRODUCT') then
- lua_util.debugm(rule.module_name, task, "%s: scanning file: %s",
+ lua_util.debugm(rule.N, task, "%s: scanning file: %s",
rule['type'], fname)
conn:add_write(savapi_scan1_cb, {string.format('SCAN %s\n',
fname)})
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
+ lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
tcp.request({
task = task,
description = 'savapi avira antivirus',
configure = savapi_config,
check = savapi_check,
- name = module_name
+ name = N
}
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"
-local module_name = "sophos"
+local N = "sophos"
local default_message = '${SCANNER}: virus found: "${VIRUS}"'
local function sophos_config(opts)
local sophos_conf = {
- module_name = module_name,
+ N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
sophos_conf.default_port)
if sophos_conf['upstreams'] then
- lua_util.add_debug_alias('antivirus', sophos_conf.module_name)
+ lua_util.add_debug_alias('antivirus', sophos_conf.N)
return sophos_conf
end
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
- lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
+ lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
tcp.request({
task = task,
else
upstream:ok()
data = tostring(data)
- lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
+ lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
local vname = string.match(data, 'VIRUS (%S+) ')
if vname then
common.yield_result(task, rule, vname)
if rule['log_clean'] then
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix)
else
- lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix)
+ lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix)
end
common.save_av_cache(task, digest, rule, 'OK')
-- not finished - continue
description = 'sophos antivirus',
configure = sophos_config,
check = sophos_check,
- name = module_name
+ name = N
}