@@ -139,6 +139,7 @@ local function clamav_check(task, content, digest, rule) | |||
if string.find(vname, '^Heuristics%.Encrypted') then | |||
rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix) | |||
common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted') | |||
cached = 'encrypted' | |||
elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then | |||
rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix) | |||
common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail') |
@@ -207,14 +207,24 @@ local function kaspersky_se_check(task, content, digest, rule) | |||
local cached | |||
lua_util.debugm(rule.name, task, '%s: got reply data: "%s"', | |||
rule.log_prefix, data) | |||
if data == 'CLEAN' then | |||
cached = 'OK' | |||
if rule['log_clean'] then | |||
rspamd_logger.infox(task, '%s: message or mime_part is clean', | |||
rule.log_prefix) | |||
if data:find('^CLEAN') then | |||
-- Handle CLEAN replies | |||
if data == 'CLEAN' then | |||
cached = 'OK' | |||
if rule['log_clean'] then | |||
rspamd_logger.infox(task, '%s: message or mime_part is clean', | |||
rule.log_prefix) | |||
else | |||
lua_util.debugm(rule.name, task, '%s: message or mime_part is clean', | |||
rule.log_prefix) | |||
end | |||
elseif data == 'CLEAN AND CONTAINS OFFICE MACRO' then | |||
common.yield_result(task, rule, 'File contains macros', 0.0, 'encrypted') | |||
cached = 'MACRO' | |||
else | |||
lua_util.debugm(rule.name, task, '%s: message or mime_part is clean', | |||
rule.log_prefix) | |||
rspamd_logger.errx(task, '%s: unhandled clean response: %s', rule.log_prefix, data) | |||
common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail') | |||
end | |||
elseif data == 'SERVER_ERROR' then | |||
rspamd_logger.errx(task, '%s: error: %s', rule.log_prefix, data) | |||
@@ -231,6 +241,7 @@ local function kaspersky_se_check(task, content, digest, rule) | |||
rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix) | |||
common.yield_result(task, rule, 'File is encrypted: '.. why, | |||
0.0, 'encrypted') | |||
cached = 'ENCRYPTED' | |||
else | |||
common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail') | |||
end |
@@ -123,6 +123,7 @@ local function sophos_check(task, content, digest, rule) | |||
lua_util.debugm(rule.name, task, | |||
'%s [%s]: got reply: %s', rule['symbol'], rule['type'], data) | |||
local vname = string.match(data, 'VIRUS (%S+) ') | |||
local cached | |||
if vname then | |||
common.yield_result(task, rule, vname) | |||
common.save_cache(task, digest, rule, vname) | |||
@@ -134,13 +135,14 @@ local function sophos_check(task, content, digest, rule) | |||
lua_util.debugm(rule.name, task, | |||
'%s: message or mime_part is clean', rule.log_prefix) | |||
end | |||
common.save_cache(task, digest, rule, 'OK') | |||
cached = 'OK' | |||
-- not finished - continue | |||
elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then | |||
conn:add_read(sophos_callback) | |||
elseif string.find(data, 'FAIL 0212') then | |||
rspamd_logger.warnx(task, 'Message is encrypted (FAIL 0212): %s', data) | |||
common.yield_result(task, rule, 'SAVDI: Message is encrypted (FAIL 0212)', 0.0, 'fail') | |||
cached = 'ENCRYPTED' | |||
elseif string.find(data, 'REJ 4') then | |||
rspamd_logger.warnx(task, 'Message is oversized (REJ 4): %s', data) | |||
common.yield_result(task, rule, 'SAVDI: Message oversized (REJ 4)', 0.0, 'fail') | |||
@@ -152,7 +154,9 @@ local function sophos_check(task, content, digest, rule) | |||
rspamd_logger.errx(task, 'unhandled response: %s', data) | |||
common.yield_result(task, rule, 'unhandled response: ' .. data, 0.0, 'fail') | |||
end | |||
if cached then | |||
common.save_cache(task, digest, rule, cached) | |||
end | |||
end | |||
end | |||
end |