From 6885e3d22bc6d75ba44f9dbda29c161ed1d548eb Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Wed, 27 Mar 2019 20:26:59 +0100
Subject: [PATCH] [Minor] lua_scanners - improve fail debugging

---
 lualib/lua_scanners/common.lua | 48 +++++++++++++++-------------------
 1 file changed, 21 insertions(+), 27 deletions(-)

diff --git a/lualib/lua_scanners/common.lua b/lualib/lua_scanners/common.lua
index 2a748eaa5..9bf2adf44 100644
--- a/lualib/lua_scanners/common.lua
+++ b/lualib/lua_scanners/common.lua
@@ -65,52 +65,46 @@ local function yield_result(task, rule, vname, dyn_weight, is_fail)
   local all_whitelisted = true
   local patterns
   local symbol
+  local threat_table = {}
+  local threat_info
 
   -- This should be more generic
   if not is_fail then
     patterns = rule.patterns
     symbol = rule.symbol
+    threat_info = rule.detection_category .. 'found'
     if not dyn_weight then dyn_weight = 1.0 end
   elseif is_fail == 'fail' then
     patterns = rule.patterns_fail
     symbol = rule.symbol_fail
+    threat_info = "FAILED with error"
     dyn_weight = 0.0
   end
 
   if type(vname) == 'string' then
-    local symname, symscore = match_patterns(symbol,
-        vname,
-        patterns,
-        dyn_weight)
-    if rule.whitelist and rule.whitelist:get_key(vname) then
-      rspamd_logger.infox(task, '%s: "%s" is in whitelist', rule.log_prefix, vname)
-      return
-    end
-    task:insert_result(symname, symscore, vname)
-    rspamd_logger.infox(task, '%s: %s found: "%s - score: %s"',
-        rule.log_prefix, rule.detection_category, vname, symscore)
+    table.insert(threat_table, vname)
   elseif type(vname) == 'table' then
-    for _, vn in ipairs(vname) do
-      local symname, symscore = match_patterns(symbol, vn, patterns, dyn_weight)
-      if rule.whitelist and rule.whitelist:get_key(vn) then
-        rspamd_logger.infox(task, '%s: "%s" is in whitelist', rule.log_prefix, vn)
-      else
-        all_whitelisted = false
-        task:insert_result(symname, symscore, vn)
-        rspamd_logger.infox(task, '%s: %s found: "%s - score: %s"',
-            rule.log_prefix, rule.detection_category, vn, symscore)
-      end
-    end
+    threat_table = vname
   end
-  if rule.action and is_fail ~= 'fail' then
-    if type(vname) == 'table' then
-      if all_whitelisted then return end
-      vname = table.concat(vname, '; ')
+
+  for _, tm in ipairs(threat_table) do
+    local symname, symscore = match_patterns(symbol, tm, patterns, dyn_weight)
+    if rule.whitelist and rule.whitelist:get_key(tm) then
+      rspamd_logger.infox(task, '%s: "%s" is in whitelist', rule.log_prefix, tm)
+    else
+      all_whitelisted = false
+      task:insert_result(symname, symscore, tm)
+      rspamd_logger.infox(task, '%s: result - %s: "%s - score: %s"',
+          rule.log_prefix, threat_info, tm, symscore)
     end
+  end
+
+  if rule.action and is_fail ~= 'fail' and not all_whitelisted then
+    threat_table = table.concat(threat_table, '; ')
     task:set_pre_result(rule.action,
         lua_util.template(rule.message or 'Rejected', {
           SCANNER = rule.name,
-          VIRUS = vname,
+          VIRUS = threat_table,
         }), rule.name)
   end
 end
-- 
2.39.5