mirror of
https://github.com/rspamd/rspamd.git
synced 2024-09-13 15:45:47 +02:00
116 lines
3.2 KiB
Lua
116 lines
3.2 KiB
Lua
--[[
|
|
Copyright (c) 2019, Vsevolod Stakhov <vsevolod@highsecure.ru>
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
]]--
|
|
|
|
local function process_pdf_specific(task, part, specific)
|
|
local suspicious_factor = 0
|
|
if specific.encrypted then
|
|
task:insert_result('PDF_ENCRYPTED', 1.0, part:get_filename() or 'unknown')
|
|
suspicious_factor = suspicious_factor + 0.1
|
|
if specific.openaction then
|
|
suspicious_factor = suspicious_factor + 0.5
|
|
end
|
|
end
|
|
|
|
if specific.scripts then
|
|
task:insert_result('PDF_JAVASCRIPT', 1.0, part:get_filename() or 'unknown')
|
|
suspicious_factor = suspicious_factor + 0.1
|
|
end
|
|
|
|
if specific.suspicious then
|
|
suspicious_factor = suspicious_factor + specific.suspicious
|
|
end
|
|
|
|
if suspicious_factor > 0.5 then
|
|
if suspicious_factor > 1.0 then suspicious_factor = 1.0 end
|
|
task:insert_result('PDF_SUSPICIOUS', suspicious_factor, part:get_filename() or 'unknown')
|
|
end
|
|
|
|
if specific.long_trailer then
|
|
task:insert_result('PDF_LONG_TRAILER', 1.0, string.format('%s:%d',
|
|
part:get_filename() or 'unknown', specific.long_trailer))
|
|
end
|
|
if specific.many_objects then
|
|
task:insert_result('PDF_MANY_OBJECTS', 1.0, string.format('%s:%d',
|
|
part:get_filename() or 'unknown', specific.many_objects))
|
|
end
|
|
if specific.timeout_processing then
|
|
task:insert_result('PDF_TIMEOUT', 1.0, string.format('%s:%.3f',
|
|
part:get_filename() or 'unknown', specific.timeout_processing))
|
|
end
|
|
end
|
|
|
|
local tags_processors = {
|
|
pdf = process_pdf_specific
|
|
}
|
|
|
|
local function process_specific_cb(task)
|
|
local parts = task:get_parts() or {}
|
|
|
|
for _,p in ipairs(parts) do
|
|
if p:is_specific() then
|
|
local data = p:get_specific()
|
|
|
|
if data and type(data) == 'table' and data.tag then
|
|
if tags_processors[data.tag] then
|
|
tags_processors[data.tag](task, p, data)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
local id = rspamd_config:register_symbol{
|
|
type = 'callback',
|
|
name = 'SPECIFIC_CONTENT_CHECK',
|
|
callback = process_specific_cb
|
|
}
|
|
|
|
rspamd_config:register_symbol{
|
|
type = 'virtual',
|
|
name = 'PDF_ENCRYPTED',
|
|
parent = id,
|
|
groups = {"content", "pdf"},
|
|
}
|
|
rspamd_config:register_symbol{
|
|
type = 'virtual',
|
|
name = 'PDF_JAVASCRIPT',
|
|
parent = id,
|
|
groups = {"content", "pdf"},
|
|
}
|
|
rspamd_config:register_symbol{
|
|
type = 'virtual',
|
|
name = 'PDF_SUSPICIOUS',
|
|
parent = id,
|
|
groups = {"content", "pdf"},
|
|
}
|
|
rspamd_config:register_symbol{
|
|
type = 'virtual',
|
|
name = 'PDF_LONG_TRAILER',
|
|
parent = id,
|
|
groups = {"content", "pdf"},
|
|
}
|
|
rspamd_config:register_symbol{
|
|
type = 'virtual',
|
|
name = 'PDF_MANY_OBJECTS',
|
|
parent = id,
|
|
groups = {"content", "pdf"},
|
|
}
|
|
rspamd_config:register_symbol{
|
|
type = 'virtual',
|
|
name = 'PDF_TIMEOUT',
|
|
parent = id,
|
|
groups = {"content", "pdf"},
|
|
} |