if string.find(vname, '^Heuristics%.Encrypted') then | if string.find(vname, '^Heuristics%.Encrypted') then | ||||
rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix) | rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix) | ||||
common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted') | common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted') | ||||
cached = 'encrypted' | |||||
elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then | elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then | ||||
rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix) | rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix) | ||||
common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail') | common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail') |
local cached | local cached | ||||
lua_util.debugm(rule.name, task, '%s: got reply data: "%s"', | lua_util.debugm(rule.name, task, '%s: got reply data: "%s"', | ||||
rule.log_prefix, data) | rule.log_prefix, data) | ||||
if data == 'CLEAN' then | |||||
cached = 'OK' | |||||
if rule['log_clean'] then | |||||
rspamd_logger.infox(task, '%s: message or mime_part is clean', | |||||
rule.log_prefix) | |||||
if data:find('^CLEAN') then | |||||
-- Handle CLEAN replies | |||||
if data == 'CLEAN' then | |||||
cached = 'OK' | |||||
if rule['log_clean'] then | |||||
rspamd_logger.infox(task, '%s: message or mime_part is clean', | |||||
rule.log_prefix) | |||||
else | |||||
lua_util.debugm(rule.name, task, '%s: message or mime_part is clean', | |||||
rule.log_prefix) | |||||
end | |||||
elseif data == 'CLEAN AND CONTAINS OFFICE MACRO' then | |||||
common.yield_result(task, rule, 'File contains macros', 0.0, 'encrypted') | |||||
cached = 'MACRO' | |||||
else | else | ||||
lua_util.debugm(rule.name, task, '%s: message or mime_part is clean', | |||||
rule.log_prefix) | |||||
rspamd_logger.errx(task, '%s: unhandled clean response: %s', rule.log_prefix, data) | |||||
common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail') | |||||
end | end | ||||
elseif data == 'SERVER_ERROR' then | elseif data == 'SERVER_ERROR' then | ||||
rspamd_logger.errx(task, '%s: error: %s', rule.log_prefix, data) | rspamd_logger.errx(task, '%s: error: %s', rule.log_prefix, data) | ||||
rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix) | rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix) | ||||
common.yield_result(task, rule, 'File is encrypted: '.. why, | common.yield_result(task, rule, 'File is encrypted: '.. why, | ||||
0.0, 'encrypted') | 0.0, 'encrypted') | ||||
cached = 'ENCRYPTED' | |||||
else | else | ||||
common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail') | common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail') | ||||
end | end |
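Review bot: The `CLEAN AND CONTAINS OFFICE MACRO` branch reports 'File contains macros' under the `'encrypted'` category, the same one the encrypted-file branch lower in this section uses, so a policy keyed on that category cannot tell a macro-bearing document from a password-protected one. A separate category would keep them apart, for example `common.yield_result(task, rule, 'File contains macros', 0.0, 'macro')`, provided `common.yield_result` and the rule's symbol configuration accept it (neither is visible here). The branch also sets `cached = 'MACRO'`; the code that reads the cache is not shown, so it is worth confirming that a cache hit for this value reproduces the same result as the first scan instead of falling through as clean or unknown. The enclosing function starts and ends outside the visible lines, and the side of each changed line is inferred from the single-column rows.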
lua_util.debugm(rule.name, task, | lua_util.debugm(rule.name, task, | ||||
'%s [%s]: got reply: %s', rule['symbol'], rule['type'], data) | '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data) | ||||
local vname = string.match(data, 'VIRUS (%S+) ') | local vname = string.match(data, 'VIRUS (%S+) ') | ||||
local cached | |||||
if vname then | if vname then | ||||
common.yield_result(task, rule, vname) | common.yield_result(task, rule, vname) | ||||
common.save_cache(task, digest, rule, vname) | common.save_cache(task, digest, rule, vname) | ||||
lua_util.debugm(rule.name, task, | lua_util.debugm(rule.name, task, | ||||
'%s: message or mime_part is clean', rule.log_prefix) | '%s: message or mime_part is clean', rule.log_prefix) | ||||
end | end | ||||
common.save_cache(task, digest, rule, 'OK') | |||||
cached = 'OK' | |||||
-- not finished - continue | -- not finished - continue | ||||
elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then | elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then | ||||
conn:add_read(sophos_callback) | conn:add_read(sophos_callback) | ||||
elseif string.find(data, 'FAIL 0212') then | elseif string.find(data, 'FAIL 0212') then | ||||
rspamd_logger.warnx(task, 'Message is encrypted (FAIL 0212): %s', data) | rspamd_logger.warnx(task, 'Message is encrypted (FAIL 0212): %s', data) | ||||
common.yield_result(task, rule, 'SAVDI: Message is encrypted (FAIL 0212)', 0.0, 'fail') | common.yield_result(task, rule, 'SAVDI: Message is encrypted (FAIL 0212)', 0.0, 'fail') | ||||
cached = 'ENCRYPTED' | |||||
elseif string.find(data, 'REJ 4') then | elseif string.find(data, 'REJ 4') then | ||||
rspamd_logger.warnx(task, 'Message is oversized (REJ 4): %s', data) | rspamd_logger.warnx(task, 'Message is oversized (REJ 4): %s', data) | ||||
common.yield_result(task, rule, 'SAVDI: Message oversized (REJ 4)', 0.0, 'fail') | common.yield_result(task, rule, 'SAVDI: Message oversized (REJ 4)', 0.0, 'fail') | ||||
rspamd_logger.errx(task, 'unhandled response: %s', data) | rspamd_logger.errx(task, 'unhandled response: %s', data) | ||||
common.yield_result(task, rule, 'unhandled response: ' .. data, 0.0, 'fail') | common.yield_result(task, rule, 'unhandled response: ' .. data, 0.0, 'fail') | ||||
end | end | ||||
if cached then | |||||
common.save_cache(task, digest, rule, cached) | |||||
end | |||||
end | end | ||||
end | end | ||||
end | end |
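Review bot: The `FAIL 0212` branch yields its result with category `'fail'` but then stores `cached = 'ENCRYPTED'`, so the first scan and a later cache hit for the same digest can report the message under different categories. Either yield it as encrypted, as the other sections do (`common.yield_result(task, rule, 'SAVDI: Message is encrypted (FAIL 0212)', 0.0, 'encrypted')`), or leave `cached` unset for this branch, as the `REJ 4` branch does. The cache token is also spelled `'ENCRYPTED'` here and in the preceding section but `'encrypted'` in the `Heuristics%.Encrypted` branch at the top of the page. If the cache reader compares case-sensitively, one spelling will not match; that code is not shown, so this needs checking against it. `sophos_callback` begins outside the visible lines.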