Vsevolod Stakhov
4 years ago
2 changed files with 25 additions and 3 deletions
+ 15
- 3
lualib/lua_scanners/common.lua
View File
| @@ -84,6 +84,11 @@ local function yield_result(task, rule, vname, dyn_weight, is_fail) | |||
| symbol = rule.symbol_encrypted | |||
| threat_info = "Scan has returned that input was encrypted" | |||
| dyn_weight = 1.0 | |||
| elseif is_fail == 'macro' then | |||
| patterns = rule.patterns | |||
| symbol = rule.symbol_macro | |||
| threat_info = "Scan has returned that input contains macros" | |||
| dyn_weight = 1.0 | |||
| end | |||
| if type(vname) == 'string' then | |||
| @@ -198,9 +203,16 @@ local function need_check(task, content, rule, digest, fn) | |||
| local threat_string = lua_util.str_split(data[1], '\v') | |||
| local score = data[2] or rule.default_score | |||
| if threat_string[1] ~= 'OK' then | |||
| lua_util.debugm(rule.name, task, '%s: got cached threat result for %s: %s - score: %s', | |||
| rule.log_prefix, key, threat_string[1], score) | |||
| yield_result(task, rule, threat_string, score) | |||
| if threat_string[1] == 'MACRO' then | |||
| yield_result(task, rule, 'File contains macros', 0.0, 'macro') | |||
| elseif threat_string[1] == 'ENCRYPTED' then | |||
| yield_result(task, rule, 'File is encrypted', 0.0, 'encrypted') | |||
| else | |||
| lua_util.debugm(rule.name, task, '%s: got cached threat result for %s: %s - score: %s', | |||
| rule.log_prefix, key, threat_string[1], score) | |||
| yield_result(task, rule, threat_string, score) | |||
| end | |||
| else | |||
| lua_util.debugm(rule.name, task, '%s: got cached negative result for %s: %s', | |||
| rule.log_prefix, key, threat_string[1]) | |||
+ 10
- 0
src/plugins/lua/antivirus.lua
View File
| @@ -91,6 +91,9 @@ local function add_antivirus_rule(sym, opts) | |||
| if not opts.symbol_encrypted then | |||
| opts.symbol_encrypted = opts.symbol .. '_ENCRYPTED' | |||
| end | |||
| if not opts.symbol_macro then | |||
| opts.symbol_macro = opts.symbol .. '_MACRO' | |||
| end | |||
| -- WORKAROUND for deprecated attachments_only | |||
| if opts.attachments_only ~= nil then | |||
| @@ -180,6 +183,13 @@ if opts and type(opts) == 'table' then | |||
| score = 0.0, | |||
| group = N | |||
| }) | |||
| rspamd_config:register_symbol({ | |||
| type = 'virtual', | |||
| name = m['symbol_macro'], | |||
| parent = id, | |||
| score = 0.0, | |||
| group = N | |||
| }) | |||
| has_valid = true | |||
| if type(m['patterns']) == 'table' then | |||
| if m['patterns'][1] then | |||
Loading…