[Feature] Support caching for encrypted files and macros

lualib/lua_scanners/clamav.lua

@@ -139,6 +139,7 @@ local function clamav_check(task, content, digest, rule)
           if string.find(vname, '^Heuristics%.Encrypted') then
             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)
             common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted')
+            cached = 'encrypted'
           elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then
             rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix)
             common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail')

lualib/lua_scanners/kaspersky_se.lua

@@ -207,14 +207,24 @@ local function kaspersky_se_check(task, content, digest, rule)
         local cached
         lua_util.debugm(rule.name, task, '%s: got reply data: "%s"',
             rule.log_prefix, data)
-        if data == 'CLEAN' then
-          cached = 'OK'
-          if rule['log_clean'] then
-            rspamd_logger.infox(task, '%s: message or mime_part is clean',
-                rule.log_prefix)
+
+        if data:find('^CLEAN') then
+          -- Handle CLEAN replies
+          if data == 'CLEAN' then
+            cached = 'OK'
+            if rule['log_clean'] then
+              rspamd_logger.infox(task, '%s: message or mime_part is clean',
+                  rule.log_prefix)
+            else
+              lua_util.debugm(rule.name, task, '%s: message or mime_part is clean',
+                  rule.log_prefix)
+            end
+          elseif data == 'CLEAN AND CONTAINS OFFICE MACRO' then
+            common.yield_result(task, rule, 'File contains macros', 0.0, 'encrypted')
+            cached = 'MACRO'
           else
-            lua_util.debugm(rule.name, task, '%s: message or mime_part is clean',
-                rule.log_prefix)
+            rspamd_logger.errx(task, '%s: unhandled clean response: %s', rule.log_prefix, data)
+            common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail')
           end
         elseif data == 'SERVER_ERROR' then
           rspamd_logger.errx(task, '%s: error: %s', rule.log_prefix, data)
@@ -231,6 +241,7 @@ local function kaspersky_se_check(task, content, digest, rule)
             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)
             common.yield_result(task, rule, 'File is encrypted: '.. why,
                 0.0, 'encrypted')
+            cached = 'ENCRYPTED'
           else
             common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail')
           end

lualib/lua_scanners/sophos.lua

@@ -123,6 +123,7 @@ local function sophos_check(task, content, digest, rule)
         lua_util.debugm(rule.name, task,
             '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
         local vname = string.match(data, 'VIRUS (%S+) ')
+        local cached
         if vname then
           common.yield_result(task, rule, vname)
           common.save_cache(task, digest, rule, vname)
@@ -134,13 +135,14 @@ local function sophos_check(task, content, digest, rule)
               lua_util.debugm(rule.name, task,
                   '%s: message or mime_part is clean', rule.log_prefix)
             end
-            common.save_cache(task, digest, rule, 'OK')
+            cached = 'OK'
             -- not finished - continue
           elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then
             conn:add_read(sophos_callback)
           elseif string.find(data, 'FAIL 0212') then
             rspamd_logger.warnx(task, 'Message is encrypted (FAIL 0212): %s', data)
             common.yield_result(task, rule, 'SAVDI: Message is encrypted (FAIL 0212)', 0.0, 'fail')
+            cached = 'ENCRYPTED'
           elseif string.find(data, 'REJ 4') then
             rspamd_logger.warnx(task, 'Message is oversized (REJ 4): %s', data)
             common.yield_result(task, rule, 'SAVDI: Message oversized (REJ 4)', 0.0, 'fail')
@@ -152,7 +154,9 @@ local function sophos_check(task, content, digest, rule)
             rspamd_logger.errx(task, 'unhandled response: %s', data)
             common.yield_result(task, rule, 'unhandled response: ' .. data, 0.0, 'fail')
           end
-
+          if cached then
+            common.save_cache(task, digest, rule, cached)
+          end
         end
       end
     end