local N = 'dcc'
+local function dcc_config(opts)
+
+ local dcc_conf = {
+ name = N,
+ default_port = 10045,
+ timeout = 5.0,
+ log_clean = false,
+ retransmits = 2,
+ cache_expire = 7200, -- expire redis in 2h
+ message = '${SCANNER}: bulk message found: "${VIRUS}"',
+ detection_category = "hash",
+ default_score = 1,
+ action = false,
+ client = '0.0.0.0',
+ symbol_fail = 'DCC_FAIL',
+ symbol = 'DCC_REJECT',
+ symbol_bulk = 'DCC_BULK',
+ body_max = 999999,
+ fuz1_max = 999999,
+ fuz2_max = 999999,
+ }
+
+ dcc_conf = lua_util.override_defaults(dcc_conf, opts)
+
+ if not dcc_conf.prefix then
+ dcc_conf.prefix = 'rs_' .. dcc_conf.name .. '_'
+ end
+
+ if not dcc_conf.log_prefix then
+ dcc_conf.log_prefix = dcc_conf.name
+ end
+
+ if not dcc_conf.servers and dcc_conf.socket then
+ dcc_conf.servers = dcc_conf.socket
+ end
+
+ if not dcc_conf.servers then
+ rspamd_logger.errx(rspamd_config, 'no servers defined')
+
+ return nil
+ end
+
+ dcc_conf.upstreams = upstream_list.create(rspamd_config,
+ dcc_conf.servers,
+ dcc_conf.default_port)
+
+ if dcc_conf.upstreams then
+ lua_util.add_debug_alias('external_services', dcc_conf.name)
+ return dcc_conf
+ end
+
+ rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
+ dcc_conf['servers'])
+ return nil
+end
+
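Review bot: The `'no servers defined'` error in dcc_config does not say which scanner is misconfigured, and the same bare message appears in icap_config, oletools_config, spamassassin_config and vade_config, so the log line cannot be tied to the module that returned nil. A nil return presumably leaves that scanner unregistered (the caller is outside this diff), in which case this log entry is the only sign that mail is no longer being checked by it. I would write `rspamd_logger.errx(rspamd_config, '%s: no servers defined', N)` here and do the same in the other four modules.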
local function dcc_check(task, content, digest, rule)
local function dcc_check_uncached ()
local upstream = rule.upstreams:get_upstream_round_robin()
end
end
-local function dcc_config(opts)
-
- local dcc_conf = {
- name = N,
- default_port = 10045,
- timeout = 5.0,
- log_clean = false,
- retransmits = 2,
- cache_expire = 7200, -- expire redis in 2h
- message = '${SCANNER}: bulk message found: "${VIRUS}"',
- detection_category = "hash",
- default_score = 1,
- action = false,
- client = '0.0.0.0',
- symbol_fail = 'DCC_FAIL',
- symbol = 'DCC_REJECT',
- symbol_bulk = 'DCC_BULK',
- body_max = 999999,
- fuz1_max = 999999,
- fuz2_max = 999999,
- }
-
- dcc_conf = lua_util.override_defaults(dcc_conf, opts)
-
- if not dcc_conf.prefix then
- dcc_conf.prefix = 'rs_' .. dcc_conf.name .. '_'
- end
-
- if not dcc_conf.log_prefix then
- dcc_conf.log_prefix = dcc_conf.name
- end
-
- if not dcc_conf.servers and dcc_conf.socket then
- dcc_conf.servers = dcc_conf.socket
- end
-
- if not dcc_conf.servers then
- rspamd_logger.errx(rspamd_config, 'no servers defined')
-
- return nil
- end
-
- dcc_conf.upstreams = upstream_list.create(rspamd_config,
- dcc_conf.servers,
- dcc_conf.default_port)
-
- if dcc_conf.upstreams then
- lua_util.add_debug_alias('external_services', dcc_conf.name)
- return dcc_conf
- end
-
- rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
- dcc_conf['servers'])
- return nil
-end
-
return {
type = {'dcc','bulk', 'hash', 'scanner'},
description = 'dcc bulk scanner',
local N = 'icap'
+local function icap_config(opts)
+
+ local icap_conf = {
+ name = N,
+ scan_mime_parts = true,
+ scan_all_mime_parts = true,
+ scan_text_mime = false,
+ scan_image_mime = false,
+ scheme = "scan",
+ default_port = 4020,
+ timeout = 10.0,
+ log_clean = false,
+ retransmits = 2,
+ cache_expire = 7200, -- expire redis in one hour
+ message = '${SCANNER}: threat found with icap scanner: "${VIRUS}"',
+ detection_category = "virus",
+ default_score = 1,
+ action = false,
+ }
+
+ icap_conf = lua_util.override_defaults(icap_conf, opts)
+
+ if not icap_conf.prefix then
+ icap_conf.prefix = 'rs_' .. icap_conf.name .. '_'
+ end
+
+ if not icap_conf.log_prefix then
+ icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')'
+ end
+
+ if not icap_conf.log_prefix then
+ if icap_conf.name:lower() == icap_conf.type:lower() then
+ icap_conf.log_prefix = icap_conf.name
+ else
+ icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')'
+ end
+ end
+
+ if not icap_conf.servers then
+ rspamd_logger.errx(rspamd_config, 'no servers defined')
+
+ return nil
+ end
+
+ icap_conf.upstreams = upstream_list.create(rspamd_config,
+ icap_conf.servers,
+ icap_conf.default_port)
+
+ if icap_conf.upstreams then
+ lua_util.add_debug_alias('external_services', icap_conf.name)
+ return icap_conf
+ end
+
+ rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
+ icap_conf.servers)
+ return nil
+end
+
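Review bot: The first `if not icap_conf.log_prefix` block in icap_config always assigns `icap_conf.name .. ' (' .. icap_conf.type .. ')'`, so the second block, which would use the bare name when name and type match, can never run. The defaults table also has no `type` key, so the concatenation raises on a nil value when `opts` supplies neither `type` nor `log_prefix`; whether callers always pass `type` is not visible here. Dropping the first block and guarding the remaining one with something like `local t = icap_conf.type or icap_conf.name` would keep what looks like the intended behaviour. Separately, the comment on `cache_expire = 7200` says one hour, which does not match the value if it is in seconds; `-- expire redis in 2h` would be consistent.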
local function icap_check(task, content, digest, rule)
local function icap_check_uncached ()
local upstream = rule.upstreams:get_upstream_round_robin()
end
end
-
-local function icap_config(opts)
-
- local icap_conf = {
- name = N,
- scan_mime_parts = true,
- scan_all_mime_parts = true,
- scan_text_mime = false,
- scan_image_mime = false,
- scheme = "scan",
- default_port = 4020,
- timeout = 10.0,
- log_clean = false,
- retransmits = 2,
- cache_expire = 7200, -- expire redis in one hour
- message = '${SCANNER}: threat found with icap scanner: "${VIRUS}"',
- detection_category = "virus",
- default_score = 1,
- action = false,
- }
-
- icap_conf = lua_util.override_defaults(icap_conf, opts)
-
- if not icap_conf.prefix then
- icap_conf.prefix = 'rs_' .. icap_conf.name .. '_'
- end
-
- if not icap_conf.log_prefix then
- icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')'
- end
-
- if not icap_conf.log_prefix then
- if icap_conf.name:lower() == icap_conf.type:lower() then
- icap_conf.log_prefix = icap_conf.name
- else
- icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')'
- end
- end
-
- if not icap_conf.servers then
- rspamd_logger.errx(rspamd_config, 'no servers defined')
-
- return nil
- end
-
- icap_conf.upstreams = upstream_list.create(rspamd_config,
- icap_conf.servers,
- icap_conf.default_port)
-
- if icap_conf.upstreams then
- lua_util.add_debug_alias('external_services', icap_conf.name)
- return icap_conf
- end
-
- rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
- icap_conf.servers)
- return nil
-end
-
return {
type = {N, 'virus', 'virus', 'scanner'},
description = 'generic icap antivirus',
local N = 'oletools'
+local function oletools_config(opts)
+
+ local oletools_conf = {
+ name = N,
+ scan_mime_parts = true,
+ scan_text_mime = false,
+ scan_image_mime = false,
+ default_port = 10050,
+ timeout = 15.0,
+ log_clean = false,
+ retransmits = 2,
+ cache_expire = 86400, -- expire redis in 1d
+ symbol = "OLETOOLS",
+ message = '${SCANNER}: Oletools threat message found: "${VIRUS}"',
+ detection_category = "office macro",
+ default_score = 1,
+ action = false,
+ extended = false,
+ symbol_type = 'postfilter',
+ dynamic_scan = true,
+ }
+
+ oletools_conf = lua_util.override_defaults(oletools_conf, opts)
+
+ if not oletools_conf.prefix then
+ oletools_conf.prefix = 'rs_' .. oletools_conf.name .. '_'
+ end
+
+ if not oletools_conf.log_prefix then
+ if oletools_conf.name:lower() == oletools_conf.type:lower() then
+ oletools_conf.log_prefix = oletools_conf.name
+ else
+ oletools_conf.log_prefix = oletools_conf.name .. ' (' .. oletools_conf.type .. ')'
+ end
+ end
+
+ if not oletools_conf.servers then
+ rspamd_logger.errx(rspamd_config, 'no servers defined')
+
+ return nil
+ end
+
+ oletools_conf.upstreams = upstream_list.create(rspamd_config,
+ oletools_conf.servers,
+ oletools_conf.default_port)
+
+ if oletools_conf.upstreams then
+ lua_util.add_debug_alias('external_services', oletools_conf.name)
+ return oletools_conf
+ end
+
+ rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
+ oletools_conf.servers)
+ return nil
+end
+
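Review bot: `oletools_conf.type:lower()` in the log_prefix branch of oletools_config indexes a field that the defaults table does not define, so it raises when `opts` carries neither `type` nor `log_prefix`; spamassassin_config and vade_config contain the same branch. Callers may always pass `type` (they are outside this diff), but a helper that otherwise logs and returns nil on bad input should not throw at this point. A guard such as `local t = oletools_conf.type or oletools_conf.name` before the comparison would cover it.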
local function oletools_check(task, content, digest, rule)
local function oletools_check_uncached ()
local upstream = rule.upstreams:get_upstream_round_robin()
end
end
-local function oletools_config(opts)
-
- local oletools_conf = {
- name = N,
- scan_mime_parts = true,
- scan_text_mime = false,
- scan_image_mime = false,
- default_port = 10050,
- timeout = 15.0,
- log_clean = false,
- retransmits = 2,
- cache_expire = 86400, -- expire redis in 1d
- symbol = "OLETOOLS",
- message = '${SCANNER}: Oletools threat message found: "${VIRUS}"',
- detection_category = "office macro",
- default_score = 1,
- action = false,
- extended = false,
- symbol_type = 'postfilter',
- dynamic_scan = true,
- }
-
- oletools_conf = lua_util.override_defaults(oletools_conf, opts)
-
- if not oletools_conf.prefix then
- oletools_conf.prefix = 'rs_' .. oletools_conf.name .. '_'
- end
-
- if not oletools_conf.log_prefix then
- if oletools_conf.name:lower() == oletools_conf.type:lower() then
- oletools_conf.log_prefix = oletools_conf.name
- else
- oletools_conf.log_prefix = oletools_conf.name .. ' (' .. oletools_conf.type .. ')'
- end
- end
-
- if not oletools_conf.servers then
- rspamd_logger.errx(rspamd_config, 'no servers defined')
-
- return nil
- end
-
- oletools_conf.upstreams = upstream_list.create(rspamd_config,
- oletools_conf.servers,
- oletools_conf.default_port)
-
- if oletools_conf.upstreams then
- lua_util.add_debug_alias('external_services', oletools_conf.name)
- return oletools_conf
- end
-
- rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
- oletools_conf.servers)
- return nil
-end
-
return {
type = {N, 'attachment scanner', 'hash', 'scanner'},
description = 'oletools office macro scanner',
local N = 'spamassassin'
+local function spamassassin_config(opts)
+
+ local spamassassin_conf = {
+ N = N,
+ scan_mime_parts = false,
+ scan_text_mime = false,
+ scan_image_mime = false,
+ default_port = 783,
+ timeout = 15.0,
+ log_clean = false,
+ retransmits = 2,
+ cache_expire = 3600, -- expire redis in one hour
+ symbol = "SPAMD",
+ message = '${SCANNER}: Spamassassin bulk message found: "${VIRUS}"',
+ detection_category = "spam",
+ default_score = 1,
+ action = false,
+ extended = false,
+ symbol_type = 'postfilter',
+ dynamic_scan = true,
+ }
+
+ spamassassin_conf = lua_util.override_defaults(spamassassin_conf, opts)
+
+ if not spamassassin_conf.prefix then
+ spamassassin_conf.prefix = 'rs_' .. spamassassin_conf.name .. '_'
+ end
+
+ if not spamassassin_conf.log_prefix then
+ if spamassassin_conf.name:lower() == spamassassin_conf.type:lower() then
+ spamassassin_conf.log_prefix = spamassassin_conf.name
+ else
+ spamassassin_conf.log_prefix = spamassassin_conf.name .. ' (' .. spamassassin_conf.type .. ')'
+ end
+ end
+
+ if not spamassassin_conf.servers then
+ rspamd_logger.errx(rspamd_config, 'no servers defined')
+
+ return nil
+ end
+
+ spamassassin_conf.upstreams = upstream_list.create(rspamd_config,
+ spamassassin_conf.servers,
+ spamassassin_conf.default_port)
+
+ if spamassassin_conf.upstreams then
+ lua_util.add_debug_alias('external_services', spamassassin_conf.N)
+ return spamassassin_conf
+ end
+
+ rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
+ spamassassin_conf.servers)
+ return nil
+end
+
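Review bot: The defaults table in spamassassin_config sets `N = N` where the other modules in this diff set `name = N`, so `spamassassin_conf.name` is nil unless `opts` provides it, and `'rs_' .. spamassassin_conf.name .. '_'` raises when no prefix is configured. The later `add_debug_alias` call reads `spamassassin_conf.N`, which suggests the key was simply misnamed rather than intended. I would change the table entry to `name = N,` and the alias call to `lua_util.add_debug_alias('external_services', spamassassin_conf.name)`.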
local function spamassassin_check(task, content, digest, rule)
local function spamassassin_check_uncached ()
local upstream = rule.upstreams:get_upstream_round_robin()
end
end
-local function spamassassin_config(opts)
-
- local spamassassin_conf = {
- N = N,
- scan_mime_parts = false,
- scan_text_mime = false,
- scan_image_mime = false,
- default_port = 783,
- timeout = 15.0,
- log_clean = false,
- retransmits = 2,
- cache_expire = 3600, -- expire redis in one hour
- symbol = "SPAMD",
- message = '${SCANNER}: Spamassassin bulk message found: "${VIRUS}"',
- detection_category = "spam",
- default_score = 1,
- action = false,
- extended = false,
- symbol_type = 'postfilter',
- dynamic_scan = true,
- }
-
- spamassassin_conf = lua_util.override_defaults(spamassassin_conf, opts)
-
- if not spamassassin_conf.prefix then
- spamassassin_conf.prefix = 'rs_' .. spamassassin_conf.name .. '_'
- end
-
- if not spamassassin_conf.log_prefix then
- if spamassassin_conf.name:lower() == spamassassin_conf.type:lower() then
- spamassassin_conf.log_prefix = spamassassin_conf.name
- else
- spamassassin_conf.log_prefix = spamassassin_conf.name .. ' (' .. spamassassin_conf.type .. ')'
- end
- end
-
- if not spamassassin_conf.servers then
- rspamd_logger.errx(rspamd_config, 'no servers defined')
-
- return nil
- end
-
- spamassassin_conf.upstreams = upstream_list.create(rspamd_config,
- spamassassin_conf.servers,
- spamassassin_conf.default_port)
-
- if spamassassin_conf.upstreams then
- lua_util.add_debug_alias('external_services', spamassassin_conf.N)
- return spamassassin_conf
- end
-
- rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
- spamassassin_conf.servers)
- return nil
-end
-
return {
type = {N,'spam', 'scanner'},
description = 'spamassassin spam scanner',
local N = 'vadesecure'
+local function vade_config(opts)
+
+ local vade_conf = {
+ name = N,
+ default_port = 23808,
+ url = '/api/v1/scan',
+ use_https = false,
+ timeout = 5.0,
+ log_clean = false,
+ retransmits = 1,
+ cache_expire = 7200, -- expire redis in 2h
+ message = '${SCANNER}: spam message found: "${VIRUS}"',
+ detection_category = "hash",
+ default_score = 1,
+ action = false,
+ log_spamcause = true,
+ symbol_fail = 'VADE_FAIL',
+ symbol = 'VADE_CHECK',
+ symbols = {
+ clean = {
+ symbol = 'VADE_CLEAN',
+ score = -0.5,
+ description = 'VadeSecure decided message to be clean'
+ },
+ spam = {
+ high = {
+ symbol = 'VADE_SPAM_HIGH',
+ score = 8.0,
+ description = 'VadeSecure decided message to be clearly spam'
+ },
+ medium = {
+ symbol = 'VADE_SPAM_MEDIUM',
+ score = 5.0,
+ description = 'VadeSecure decided message to be highly likely spam'
+ },
+ low = {
+ symbol = 'VADE_SPAM_LOW',
+ score = 2.0,
+ description = 'VadeSecure decided message to be likely spam'
+ },
+ },
+ malware = {
+ symbol = 'VADE_MALWARE',
+ score = 8.0,
+ description = 'VadeSecure decided message to be malware'
+ },
+ scam = {
+ symbol = 'VADE_SCAM',
+ score = 7.0,
+ description = 'VadeSecure decided message to be scam'
+ },
+ phishing = {
+ symbol = 'VADE_PHISHING',
+ score = 8.0,
+ description = 'VadeSecure decided message to be phishing'
+ },
+ commercial = {
+ symbol = 'VADE_COMMERCIAL',
+ score = 0.0,
+ description = 'VadeSecure decided message to be commercial message'
+ },
+ community = {
+ symbol = 'VADE_COMMUNITY',
+ score = 0.0,
+ description = 'VadeSecure decided message to be community message'
+ },
+ transactional = {
+ symbol = 'VADE_TRANSACTIONAL',
+ score = 0.0,
+ description = 'VadeSecure decided message to be transactional message'
+ },
+ suspect = {
+ symbol = 'VADE_SUSPECT',
+ score = 3.0,
+ description = 'VadeSecure decided message to be suspicious message'
+ },
+ bounce = {
+ symbol = 'VADE_BOUNCE',
+ score = 0.0,
+ description = 'VadeSecure decided message to be bounce message'
+ },
+ other = 'VADE_OTHER',
+ }
+ }
+
+ vade_conf = lua_util.override_defaults(vade_conf, opts)
+
+ if not vade_conf.prefix then
+ vade_conf.prefix = 'rs_' .. vade_conf.name .. '_'
+ end
+
+ if not vade_conf.log_prefix then
+ if vade_conf.name:lower() == vade_conf.type:lower() then
+ vade_conf.log_prefix = vade_conf.name
+ else
+ vade_conf.log_prefix = vade_conf.name .. ' (' .. vade_conf.type .. ')'
+ end
+ end
+
+ if not vade_conf.servers and vade_conf.socket then
+ vade_conf.servers = vade_conf.socket
+ end
+
+ if not vade_conf.servers then
+ rspamd_logger.errx(rspamd_config, 'no servers defined')
+
+ return nil
+ end
+
+ vade_conf.upstreams = upstream_list.create(rspamd_config,
+ vade_conf.servers,
+ vade_conf.default_port)
+
+ if vade_conf.upstreams then
+ lua_util.add_debug_alias('external_services', vade_conf.name)
+ return vade_conf
+ end
+
+ rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
+ vade_conf['servers'])
+ return nil
+end
+
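Review bot: `use_https = false` in the vade_config defaults presumably means the scan request goes out over plain HTTP unless the operator overrides it; the code that builds the URL is outside this hunk, so this is inferred from the option name. vade_check takes the message `content`, so the request most likely carries mail bodies, and the default is only appropriate when the Filterd server is on the same host or a trusted link. That assumption is not written down anywhere in the table, so I would add a comment on the line: `-- plain HTTP by default; set use_https = true when the server is not local`.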
local function vade_check(task, content, digest, rule)
local function vade_url(addr)
local url
http.request(request_data)
end
-
-local function vade_config(opts)
-
- local vade_conf = {
- name = N,
- default_port = 23808,
- url = '/api/v1/scan',
- use_https = false,
- timeout = 5.0,
- log_clean = false,
- retransmits = 1,
- cache_expire = 7200, -- expire redis in 2h
- message = '${SCANNER}: spam message found: "${VIRUS}"',
- detection_category = "hash",
- default_score = 1,
- action = false,
- log_spamcause = true,
- symbol_fail = 'VADE_FAIL',
- symbol = 'VADE_CHECK',
- symbols = {
- clean = {
- symbol = 'VADE_CLEAN',
- score = -0.5,
- description = 'VadeSecure decided message to be clean'
- },
- spam = {
- high = {
- symbol = 'VADE_SPAM_HIGH',
- score = 8.0,
- description = 'VadeSecure decided message to be clearly spam'
- },
- medium = {
- symbol = 'VADE_SPAM_MEDIUM',
- score = 5.0,
- description = 'VadeSecure decided message to be highly likely spam'
- },
- low = {
- symbol = 'VADE_SPAM_LOW',
- score = 2.0,
- description = 'VadeSecure decided message to be likely spam'
- },
- },
- malware = {
- symbol = 'VADE_MALWARE',
- score = 8.0,
- description = 'VadeSecure decided message to be malware'
- },
- scam = {
- symbol = 'VADE_SCAM',
- score = 7.0,
- description = 'VadeSecure decided message to be scam'
- },
- phishing = {
- symbol = 'VADE_PHISHING',
- score = 8.0,
- description = 'VadeSecure decided message to be phishing'
- },
- commercial = {
- symbol = 'VADE_COMMERCIAL',
- score = 0.0,
- description = 'VadeSecure decided message to be commercial message'
- },
- community = {
- symbol = 'VADE_COMMUNITY',
- score = 0.0,
- description = 'VadeSecure decided message to be community message'
- },
- transactional = {
- symbol = 'VADE_TRANSACTIONAL',
- score = 0.0,
- description = 'VadeSecure decided message to be transactional message'
- },
- suspect = {
- symbol = 'VADE_SUSPECT',
- score = 3.0,
- description = 'VadeSecure decided message to be suspicious message'
- },
- bounce = {
- symbol = 'VADE_BOUNCE',
- score = 0.0,
- description = 'VadeSecure decided message to be bounce message'
- },
- other = 'VADE_OTHER',
- }
- }
-
- vade_conf = lua_util.override_defaults(vade_conf, opts)
-
- if not vade_conf.prefix then
- vade_conf.prefix = 'rs_' .. vade_conf.name .. '_'
- end
-
- if not vade_conf.log_prefix then
- if vade_conf.name:lower() == vade_conf.type:lower() then
- vade_conf.log_prefix = vade_conf.name
- else
- vade_conf.log_prefix = vade_conf.name .. ' (' .. vade_conf.type .. ')'
- end
- end
-
- if not vade_conf.servers and vade_conf.socket then
- vade_conf.servers = vade_conf.socket
- end
-
- if not vade_conf.servers then
- rspamd_logger.errx(rspamd_config, 'no servers defined')
-
- return nil
- end
-
- vade_conf.upstreams = upstream_list.create(rspamd_config,
- vade_conf.servers,
- vade_conf.default_port)
-
- if vade_conf.upstreams then
- lua_util.add_debug_alias('external_services', vade_conf.name)
- return vade_conf
- end
-
- rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
- vade_conf['servers'])
- return nil
-end
-
return {
type = {'vadesecure', 'scanner'},
description = 'VadeSecure Filterd interface',