[Feature] Antivirus: Handle encrypted files specially
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 9 Apr 2019 12:20:16 +0000 (13:20 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 9 Apr 2019 12:20:16 +0000 (13:20 +0100)
lualib/lua_scanners/clamav.lua
lualib/lua_scanners/common.lua
src/plugins/lua/antivirus.lua

index b3a1b20f21c1db67eb6e20b138f6933d9037073b..1ff3cdc4fdeae1c522f32a8a58cf04f90f54bb07 100644 (file)
@@ -138,7 +138,7 @@ local function clamav_check(task, content, digest, rule)
           local vname = string.match(data, 'stream: (.+) FOUND')
           if string.find(vname, '^Heuristics%.Encrypted') then
             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)
-            common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'fail')
+            common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted')
           elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then
             rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix)
             common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail')
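Review bot: The encrypted case is now a distinct outcome rather than a scan failure, yet the line just above the changed call still reports it with `rspamd_logger.errx`, so every password-protected attachment shows up as an error in the log even though the scanner classified it correctly. `rspamd_logger.infox(task, '%s: File is encrypted', rule.log_prefix)` keeps the event visible without inflating the error log. The changed call also still passes `0.0` as the dynamic weight, which the 'encrypted' branch of yield_result replaces with 1.0; a comment such as `-- weight is fixed by yield_result for the 'encrypted' outcome` would stop readers from trying to tune it here. clamav_check begins and ends outside the hunk.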
index 9bf2adf44463871ef963c563cb4e20d3afcd0723..f35ee372dbb13578ff19624836e8e236df5d913b 100644 (file)
@@ -79,6 +79,11 @@ local function yield_result(task, rule, vname, dyn_weight, is_fail)
     symbol = rule.symbol_fail
     threat_info = "FAILED with error"
     dyn_weight = 0.0
+  elseif is_fail == 'encrypted' then
+    patterns = rule.patterns
+    symbol = rule.symbol_encrypted
+    threat_info = "Scan has returned that input was encrypted"
+    dyn_weight = 1.0
   end
 
   if type(vname) == 'string' then
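Review bot: The parameter is still named `is_fail`, but after this hunk it is a three-state selector (nil or false for a detection, `'fail'` for a scanner error, `'encrypted'` for encrypted input), and nothing in the function says so; the signature line, which lies outside the hunk, deserves a comment listing the accepted values, since other scanners must pass exactly these strings to reach the new branch. The new branch also assigns `patterns = rule.patterns` while the 'fail' branch above leaves `patterns` untouched in the visible lines; if the later pattern matching maps `vname` to per-signature symbols, a configured pattern could presumably match the "File is encrypted: ..." string and replace `symbol_encrypted`, which looks unintended and is worth confirming. The hard-coded `dyn_weight = 1.0` silently discards the caller's argument, as the 'fail' branch already does with 0.0; a short `-- fixed weight: callers pass 0.0 for this outcome` makes that deliberate. yield_result begins and ends outside the hunk.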
index 68dcedb64b31f3e17b11b2eec63071967ba90ee1..70549719f6b94e5fcffeef83ea9cc3ed2c0cfa06 100644 (file)
@@ -88,6 +88,10 @@ local function add_antivirus_rule(sym, opts)
     opts.symbol_fail = opts.symbol .. '_FAIL'
   end
 
+  if not opts.symbol_encrypted then
+    opts.symbol_encrypted = opts.symbol .. '_ENCRYPTED'
+  end
+
   -- WORKAROUND for deprecated attachments_only
   if opts.attachments_only ~= nil then
     opts.scan_mime_parts = opts.attachments_only
@@ -99,6 +103,7 @@ local function add_antivirus_rule(sym, opts)
   local rule = cfg.configure(opts)
   rule.type = opts.type
   rule.symbol_fail = opts.symbol_fail
+  rule.symbol_encrypted = opts.symbol_encrypted
   rule.redis_params = redis_params
 
   if not rule then
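Review bot: The added `rule.symbol_encrypted = opts.symbol_encrypted` runs before the `if not rule then` guard four lines below, so when cfg.configure returns nil the assignment raises an index error and the guard is never reached. The existing assignments to `rule.type`, `rule.symbol_fail` and `rule.redis_params` have the same ordering problem, so the change extends a latent defect rather than introducing a new one; moving the whole group of `rule.*` assignments below the nil check fixes all of them together. add_antivirus_rule begins and ends outside the hunk.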
@@ -158,6 +163,13 @@ if opts and type(opts) == 'table' then
           score = 0.0,
           group = N
         })
+        rspamd_config:register_symbol({
+          type = 'virtual',
+          name = m['symbol_encrypted'],
+          parent = id,
+          score = 0.0,
+          group = N
+        })
         has_valid = true
         if type(m['patterns']) == 'table' then
           if m['patterns'][1] then
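Review bot: The new virtual symbol for encrypted input is registered with `score = 0.0` and no description, so it is informational only until an operator assigns a weight, and the symbol appears in the UI with no hint of what it means. Encrypted containers are a common way for content to pass a scanner unexamined, so the default should at least be explicit: add `description = 'Antivirus scanner reported an encrypted input'` to the table and a comment such as `-- score 0.0: weighting of encrypted input is left to local policy` above it. The block repeats the `_FAIL` registration immediately above it field for field except for the name; a small local helper taking the symbol name would keep the two from drifting apart. The enclosing config loop begins and ends outside the hunk.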