From: André Peters Date: Fri, 23 Oct 2020 19:12:37 +0000 (+0200) Subject: Include fuzzy hashes in meta data, if any X-Git-Tag: 2.7~205^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F3530%2Fhead;p=rspamd.git Include fuzzy hashes in meta data, if any Tested: ``` [X-Rspamd-From] => unknown" [X-Rspamd-Ip] => unknown" [X-Rspamd-Subject] => asdasd" [X-Rspamd-Qid] => unknown" [X-Rspamd-Rcpt] => unknown" [X-Rspamd-Action] => reject" [X-Rspamd-Score] => 29.15" [User-Agent] => rspamd-2.6" [X-Rspamd-Fuzzy] => ["c62020f5ba6f4e3e403b6c67abb860954452fa662bf8c38dae06c17c70cc0b79720cf762e45fbeeea7d2fb17f9cf4b28c851bb70f2526b000dba852899c7ce67"]" [X-Rspamd-User] => unknown" [X-Rspamd-Symbols] => [{"score":0,"group":"policies","name":"ARC_NA","groups":["policies","arc"]},{"options":["andre.peters@tinc.gmbh"],"score":0,"group":"headers","name":"HAS_REPLYTO","groups":["headers"]},{"options":["andre@develcow.de"],"score":0,"group":"multimap","name":"RCPT_WANTS_SUBJECT_TAG","groups":["multimap"]},{"score":0,"group":"headers","name":"REPLYTO_EQ_FROM","groups":["headers"]},{"score":0,"group":"headers","name":"FROM_HAS_DN","groups":["headers"]},{"options":["11:c62020f5ba:1.00:bin"],"score":15,"group":"fuzzy","name":"LOCAL_FUZZY_DENIED","groups":["fuzzy"]},{"score":0.500000,"group":"headers","name":"MV_CASE","groups":["headers"]},{"score":1,"group":"composite","name":"POLICY_FAILURE","groups":["composite"]},{"options":["multipart/alternative","text/plain"],"score":-0.100000,"group":"mime_types","name":"MIME_GOOD","groups":["mime_types"]},{"options":["failed to scan and retransmits exceed"],"score":0,"group":"antivirus","name":"CLAM_VIRUS_FAIL","groups":["antivirus"]},{"options":["1"],"score":0,"group":"headers","name":"RCPT_COUNT_ONE","groups":["headers"]},{"options":["100.00%"],"score":2.500000,"group":"statistics","name":"BAYES_SPAM","groups":["statistics"]},{"score":0,"group":"headers","name":"TO_DN_EQ_ADDR_ALL","groups":["headers"]},{"options":["0"],"score":0,"group":"headers","name":"RCVD_COUNT_ZERO","groups":["headers"]},{"options":["develcow.de"],"score":0,"group":"multimap","name":"RCPT_MAILCOW_DOMAIN","groups":["multimap"]},{"score":0,"group":"policies","name":"R_DKIM_NA","groups":["policies","dkim"]},{"options":["0:+","1:+","2:~"],"score":0,"group":"mime_types","name":"MIME_TRACE","groups":["mime_types"]},{"options":["subject"],"score":0.250000,"group":"headers","name":"R_MIXED_CHARSET","groups":["headers"]},{"score":0.500000,"group":"Message ID","name":"MID_RHS_NOT_FQDN","groups":["Message ID"]},{"score":8.500000,"group":"hfilter","name":"HFILTER_HOSTNAME_UNKNOWN","groups":["hfilter"]},{"options":["tinc.gmbh : No valid SPF, No valid DKIM","none"],"score":1,"group":"policies","name":"DMARC_POLICY_SOFTFAIL","groups":["policies","dmarc"]}]" [Content-Type] => text/plain" [Content-Length] => 3825" [Host] => nginx" [Connection] => close" ``` Will print "unknown" if missing. --- diff --git a/src/plugins/lua/metadata_exporter.lua b/src/plugins/lua/metadata_exporter.lua index 20457461b..48a5ffce3 100644 --- a/src/plugins/lua/metadata_exporter.lua +++ b/src/plugins/lua/metadata_exporter.lua @@ -79,6 +79,21 @@ local function get_general_metadata(task, flatten, no_content) local s = task:get_metric_score('default')[1] r.score = flatten and string.format('%.2f', s) or s + local fuzzy = task:get_mempool():get_variable("fuzzy_hashes", "fstrings") + if fuzzy and #fuzzy > 0 then + local fz = {} + for _,h in ipairs(fuzzy) do + table.insert(fz, h) + end + if not flatten then + r.fuzzy = fz + else + r.fuzzy = table.concat(fz, ', ') + end + else + r.fuzzy = 'unknown' + end + local rcpt = task:get_recipients('smtp') if rcpt then local l = {}