
[FIX] lua_scanners - using N is much smarter ;)

tags/1.9.0
Carsten Rosenberg 5 years ago
parent
commit
44de7f5879

+ 7
- 7
lualib/lua_scanners/clamav.lua

@@ -26,13 +26,13 @@ local rspamd_util = require "rspamd_util"
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"

local module_name = "clamav"
local N = "clamav"

local default_message = '${SCANNER}: virus found: "${VIRUS}"'

local function clamav_config(opts)
local clamav_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
@@ -70,7 +70,7 @@ local function clamav_config(opts)
clamav_conf.default_port)

if clamav_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', clamav_conf.module_name)
lua_util.add_debug_alias('antivirus', clamav_conf.N)
return clamav_conf
end

@@ -103,7 +103,7 @@ local function clamav_check(task, content, digest, rule)
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task, '%s: retry IP: %s', rule.log_prefix, addr)
lua_util.debugm(rule.N, task, '%s: retry IP: %s', rule.log_prefix, addr)

tcp.request({
task = task,
@@ -123,13 +123,13 @@ local function clamav_check(task, content, digest, rule)
upstream:ok()
data = tostring(data)
local cached
lua_util.debugm(rule.module_name, task, '%s: got reply: %s', rule.log_prefix, data)
lua_util.debugm(rule.N, task, '%s: got reply: %s', rule.log_prefix, data)
if data == 'stream: OK' then
cached = 'OK'
if rule['log_clean'] then
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix)
else
lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix)
lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix)
end
else
local vname = string.match(data, 'stream: (.+) FOUND')
@@ -172,5 +172,5 @@ return {
description = 'clamav antivirus',
configure = clamav_config,
check = clamav_check,
name = module_name
name = N
}
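Review bot: The conf table key changes from `module_name` to `N` (`N = N` in `clamav_config`) and every `lua_util.debugm` call in `clamav_check` now reads `rule.N`, but the code that turns this table into `rule` and the shared `lua_scanners/common` helpers are not among the files shown here. Any reader of `rule.module_name` left outside this commit would get nil, and a nil debug module is easy to miss because only debug output is affected. Either confirm that no `module_name` reference remains under `lualib/lua_scanners` and in the plugins that load these scanners, or keep a transitional alias next to the new key, `module_name = N, -- deprecated alias, remove once all readers use N`. The same applies to the dcc, fprot, icap, kaspersky_av, oletools, savapi and sophos sections; a one-line comment at the declaration, `-- N: scanner name, used as the debug-log module and the registered name`, would also help, since the single-letter name says little on its own. Both functions continue outside the hunks.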

+ 10
- 10
lualib/lua_scanners/dcc.lua

@@ -27,7 +27,7 @@ local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"
local fun = require "fun"

local module_name = 'dcc'
local N = 'dcc'

local function dcc_check(task, content, digest, rule)
local function dcc_check_uncached ()
@@ -90,14 +90,14 @@ local function dcc_check(task, content, digest, rule)

retransmits = retransmits - 1

lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, err, retransmits)

-- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port())

tcp.request({
@@ -128,7 +128,7 @@ local function dcc_check(task, content, digest, rule)
-- Parse the response
if upstream then upstream:ok() end
local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n")
lua_util.debugm(rule.module_name, task, 'DCC result=%1 disposition=%2 header="%3"',
lua_util.debugm(rule.N, task, 'DCC result=%1 disposition=%2 header="%3"',
result, disposition, header)

if header then
@@ -198,7 +198,7 @@ local function dcc_check(task, content, digest, rule)
rspamd_logger.infox(task, '%s: clean, returned result A - info: %s',
rule.log_prefix, info)
else
lua_util.debugm(rule.module_name, task, '%s: returned result A - info: %s',
lua_util.debugm(rule.N, task, '%s: returned result A - info: %s',
rule.log_prefix, info)
end
end
@@ -208,7 +208,7 @@ local function dcc_check(task, content, digest, rule)
if rule.log_clean then
rspamd_logger.infox(task, '%s: clean, returned result G - info: %s', rule.log_prefix, info)
else
lua_util.debugm(rule.module_name, task, '%s: returned result G - info: %s', rule.log_prefix, info)
lua_util.debugm(rule.N, task, '%s: returned result G - info: %s', rule.log_prefix, info)
end
elseif result == 'S' then
-- do nothing
@@ -216,7 +216,7 @@ local function dcc_check(task, content, digest, rule)
if rule.log_clean then
rspamd_logger.infox(task, '%s: clean, returned result S - info: %s', rule.log_prefix, info)
else
lua_util.debugm(rule.module_name, task, '%s: returned result S - info: %s', rule.log_prefix, info)
lua_util.debugm(rule.N, task, '%s: returned result S - info: %s', rule.log_prefix, info)
end
else
-- Unknown result
@@ -254,7 +254,7 @@ end
local function dcc_config(opts)

local dcc_conf = {
module_name = module_name,
N = N,
default_port = 10045,
timeout = 5.0,
log_clean = false,
@@ -302,7 +302,7 @@ local function dcc_config(opts)
dcc_conf.default_port)

if dcc_conf.upstreams then
lua_util.add_debug_alias('external_services', dcc_conf.module_name)
lua_util.add_debug_alias('external_services', dcc_conf.N)
return dcc_conf
end

@@ -316,5 +316,5 @@ return {
description = 'dcc bulk scanner',
configure = dcc_config,
check = dcc_check,
name = module_name
name = N
}

+ 5
- 5
lualib/lua_scanners/fprot.lua

@@ -25,13 +25,13 @@ local upstream_list = require "rspamd_upstream_list"
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"

local module_name = "fprot"
local N = "fprot"

local default_message = '${SCANNER}: virus found: "${VIRUS}"'

local function fprot_config(opts)
local fprot_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
@@ -69,7 +69,7 @@ local function fprot_config(opts)
fprot_conf.default_port)

if fprot_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', fprot_conf.module_name)
lua_util.add_debug_alias('antivirus', fprot_conf.N)
return fprot_conf
end

@@ -103,7 +103,7 @@ local function fprot_check(task, content, digest, rule)
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)

tcp.request({
task = task,
@@ -175,5 +175,5 @@ return {
description = 'fprot antivirus',
configure = fprot_config,
check = fprot_check,
name = module_name
name = N
}

+ 11
- 11
lualib/lua_scanners/icap.lua

@@ -27,7 +27,7 @@ local upstream_list = require "rspamd_upstream_list"
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"

local module_name = 'icap'
local N = 'icap'

local function icap_check(task, content, digest, rule)
local function icap_check_uncached ()
@@ -44,7 +44,7 @@ local function icap_check(task, content, digest, rule)
"Encapsulated: null-body=0\r\n\r\n",
}
local size = string.format("%x", tonumber(#content))
lua_util.debugm(rule.module_name, task, '%s: size: %s', rule.log_prefix, size)
lua_util.debugm(rule.N, task, '%s: size: %s', rule.log_prefix, size)

local function get_respond_query()
table.insert(respond_headers, 1, 'RESPMOD icap://' .. addr:to_string() .. ':' .. addr:get_port() .. '/'
@@ -72,7 +72,7 @@ local function icap_check(task, content, digest, rule)
icap_headers[key] = value
end
end
lua_util.debugm(rule.module_name, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers)
lua_util.debugm(rule.N, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers)
return icap_headers
end

@@ -99,10 +99,10 @@ local function icap_check(task, content, digest, rule)
if icap_headers['X-Infection-Found'] ~= nil then
pattern_symbols = "(Type%=%d; .* Threat%=)(.*)([;]+)"
match = string.gsub(icap_headers['X-Infection-Found'], pattern_symbols, "%2")
lua_util.debugm(rule.module_name, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match)
lua_util.debugm(rule.N, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match)
table.insert(threat_string, match)
elseif icap_headers['X-Virus-ID'] ~= nil then
lua_util.debugm(rule.module_name, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID'])
lua_util.debugm(rule.N, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID'])
table.insert(threat_string, icap_headers['X-Virus-ID'])
end

@@ -177,14 +177,14 @@ local function icap_check(task, content, digest, rule)

retransmits = retransmits - 1

lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, error, retransmits)

-- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port())

tcp.request({
@@ -237,7 +237,7 @@ end
local function icap_config(opts)

local icap_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true,
scan_all_mime_parts = true,
scan_text_mime = false,
@@ -283,7 +283,7 @@ local function icap_config(opts)
icap_conf.default_port)

if icap_conf.upstreams then
lua_util.add_debug_alias('external_services', icap_conf.module_name)
lua_util.add_debug_alias('external_services', icap_conf.N)
return icap_conf
end

@@ -293,9 +293,9 @@ local function icap_config(opts)
end

return {
type = {module_name,'virus', 'virus', 'scanner'},
type = {N,'virus', 'virus', 'scanner'},
description = 'generic icap antivirus',
configure = icap_config,
check = icap_check,
name = module_name
name = N
}
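Review bot: In the `X-Infection-Found` branch of `icap_check`, `string.gsub` returns the header unchanged when `pattern_symbols` does not match, so `match` becomes the entire server-supplied header value, which is then logged and inserted into `threat_string` as the threat name. A header in a slightly different format would therefore surface as an arbitrary string in the scan result rather than as a parse failure. Extracting with a capture and checking for nil makes the failure explicit, for example `local threat = string.match(icap_headers['X-Infection-Found'], 'Threat=(.*);')` followed by a logged fallback when `threat` is nil; the exact pattern should be checked against the header formats the supported ICAP servers emit. icap_check starts and ends outside these hunks.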

+ 6
- 6
lualib/lua_scanners/kaspersky_av.lua

@@ -26,13 +26,13 @@ local rspamd_util = require "rspamd_util"
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"

local module_name = "kaspersky"
local N = "kaspersky"

local default_message = '${SCANNER}: virus found: "${VIRUS}"'

local function kaspersky_config(opts)
local kaspersky_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
@@ -70,7 +70,7 @@ local function kaspersky_config(opts)
kaspersky_conf['servers'], 0)

if kaspersky_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', kaspersky_conf.module_name)
lua_util.add_debug_alias('antivirus', kaspersky_conf.N)
return kaspersky_conf
end

@@ -122,7 +122,7 @@ local function kaspersky_check(task, content, digest, rule)
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task,
lua_util.debugm(rule.N, task,
'%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)

tcp.request({
@@ -146,7 +146,7 @@ local function kaspersky_check(task, content, digest, rule)
upstream:ok()
data = tostring(data)
local cached
lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s',
lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s',
rule['symbol'], rule['type'], data)
if data == 'stream: OK' or data == fname .. ': OK' then
cached = 'OK'
@@ -192,5 +192,5 @@ return {
description = 'kaspersky antivirus',
configure = kaspersky_config,
check = kaspersky_check,
name = module_name
name = N
}

+ 13
- 13
lualib/lua_scanners/oletools.lua

@@ -28,7 +28,7 @@ local rspamd_logger = require "rspamd_logger"
local ucl = require "ucl"
local common = require "lua_scanners/common"

local module_name = 'oletools'
local N = 'oletools'

local function oletools_check(task, content, digest, rule)
local function oletools_check_uncached ()
@@ -48,14 +48,14 @@ local function oletools_check(task, content, digest, rule)

retransmits = retransmits - 1

lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, error, retransmits)

-- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port())

tcp.request({
@@ -146,18 +146,18 @@ local function oletools_check(task, content, digest, rule)
local m_dridex = '-'
local m_vba = '-'

lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type'])
lua_util.debugm(rule.N, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
lua_util.debugm(rule.N, task, '%s: type: %s', rule.log_prefix, result[2]['type'])

for _,m in ipairs(result[2]['macros']) do
lua_util.debugm(rule.module_name, task, '%s: macros found - code: %s, ole_stream: %s, '..
lua_util.debugm(rule.N, task, '%s: macros found - code: %s, ole_stream: %s, '..
'vba_filename: %s', rule.log_prefix, m.code, m.ole_stream, m.vba_filename)
end

local analysis_keyword_table = {}

for _,a in ipairs(result[2]['analysis']) do
lua_util.debugm(rule.module_name, task, '%s: threat found - type: %s, keyword: %s, '..
lua_util.debugm(rule.N, task, '%s: threat found - type: %s, keyword: %s, '..
'description: %s', rule.log_prefix, a.type, a.keyword, a.description)
if a.type == 'AutoExec' then
m_autoexec = 'A'
@@ -186,7 +186,7 @@ local function oletools_check(task, content, digest, rule)
if rule.extended == false and m_autoexec == 'A' and m_suspicious == 'S' then
-- use single string as virus name
local threat = 'AutoExec + Suspicious (' .. table.concat(analysis_keyword_table, ',') .. ')'
lua_util.debugm(rule.module_name, task, '%s: threat result: %s', rule.log_prefix, threat)
lua_util.debugm(rule.N, task, '%s: threat result: %s', rule.log_prefix, threat)
common.yield_result(task, rule, threat, rule.default_score)
common.save_av_cache(task, digest, rule, threat, rule.default_score)

@@ -203,7 +203,7 @@ local function oletools_check(task, content, digest, rule)
m_vba
table.insert(analysis_keyword_table, 1, flags)

lua_util.debugm(rule.module_name, task, '%s: extended threat result: %s',
lua_util.debugm(rule.N, task, '%s: extended threat result: %s',
rule.log_prefix, table.concat(analysis_keyword_table, ','))

common.yield_result(task, rule, analysis_keyword_table, rule.default_score)
@@ -243,7 +243,7 @@ end
local function oletools_config(opts)

local oletools_conf = {
module_name = module_name,
N = N,
scan_mime_parts = false,
scan_text_mime = false,
scan_image_mime = false,
@@ -284,7 +284,7 @@ local function oletools_config(opts)
oletools_conf.default_port)

if oletools_conf.upstreams then
lua_util.add_debug_alias('external_services', oletools_conf.module_name)
lua_util.add_debug_alias('external_services', oletools_conf.N)
return oletools_conf
end

@@ -294,9 +294,9 @@ local function oletools_config(opts)
end

return {
type = {module_name,'attachment scanner', 'hash', 'scanner'},
type = {N,'attachment scanner', 'hash', 'scanner'},
description = 'oletools office macro scanner',
configure = oletools_config,
check = oletools_check,
name = module_name
name = N
}
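Review bot: The `macros found` debug line in `oletools_check` writes `m.code`, `m.ole_stream` and `m.vba_filename` into the log under the `rule.N` module, and these values come from the scanner's analysis of a mail attachment, with no length cap or sanitising visible in this hunk. Macro source is chosen by the sender and can be large or contain line breaks, so enabling the oletools debug module on a production host may bloat logs or, unless the logger escapes its arguments (not visible here), let crafted content imitate log lines. Consider logging a size instead of the body, e.g. `m.code and #m.code or 0` if `m.code` is a string, or a bounded prefix via `string.sub(m.code, 1, 200)`. The same caution applies to `a.keyword` and `a.description` in the `threat found` line; oletools_check continues outside these hunks.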

+ 8
- 8
lualib/lua_scanners/savapi.lua

@@ -26,13 +26,13 @@ local rspamd_util = require "rspamd_util"
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"

local module_name = "savapi"
local N = "savapi"

local default_message = '${SCANNER}: virus found: "${VIRUS}"'

local function savapi_config(opts)
local savapi_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
@@ -72,7 +72,7 @@ local function savapi_config(opts)
savapi_conf.default_port)

if savapi_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', savapi_conf.module_name)
lua_util.add_debug_alias('antivirus', savapi_conf.N)
return savapi_conf
end

@@ -119,7 +119,7 @@ local function savapi_check(task, content, digest, rule)
for virus,_ in pairs(vnames) do
table.insert(vnames_reordered, virus)
end
lua_util.debugm(rule.module_name, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered)
lua_util.debugm(rule.N, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered)
if #vnames_reordered > 0 then
local vname = {}
for _,virus in ipairs(vnames_reordered) do
@@ -136,7 +136,7 @@ local function savapi_check(task, content, digest, rule)

local function savapi_scan2_cb(err, data, conn)
local result = tostring(data)
lua_util.debugm(rule.module_name, task, "%s: got reply: %s",
lua_util.debugm(rule.N, task, "%s: got reply: %s",
rule['type'], result)

-- Terminal response - clean
@@ -178,7 +178,7 @@ local function savapi_check(task, content, digest, rule)
local function savapi_greet2_cb(err, data, conn)
local result = tostring(data)
if string.find(result, '100 PRODUCT') then
lua_util.debugm(rule.module_name, task, "%s: scanning file: %s",
lua_util.debugm(rule.N, task, "%s: scanning file: %s",
rule['type'], fname)
conn:add_write(savapi_scan1_cb, {string.format('SCAN %s\n',
fname)})
@@ -208,7 +208,7 @@ local function savapi_check(task, content, digest, rule)
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)

tcp.request({
task = task,
@@ -257,5 +257,5 @@ return {
description = 'savapi avira antivirus',
configure = savapi_config,
check = savapi_check,
name = module_name
name = N
}

+ 7
- 7
lualib/lua_scanners/sophos.lua

@@ -25,13 +25,13 @@ local upstream_list = require "rspamd_upstream_list"
local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common"

local module_name = "sophos"
local N = "sophos"

local default_message = '${SCANNER}: virus found: "${VIRUS}"'

local function sophos_config(opts)
local sophos_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true,
scan_text_mime = false,
scan_image_mime = false,
@@ -71,7 +71,7 @@ local function sophos_config(opts)
sophos_conf.default_port)

if sophos_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', sophos_conf.module_name)
lua_util.add_debug_alias('antivirus', sophos_conf.N)
return sophos_conf
end

@@ -104,7 +104,7 @@ local function sophos_check(task, content, digest, rule)
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()

lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)

tcp.request({
task = task,
@@ -121,7 +121,7 @@ local function sophos_check(task, content, digest, rule)
else
upstream:ok()
data = tostring(data)
lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
local vname = string.match(data, 'VIRUS (%S+) ')
if vname then
common.yield_result(task, rule, vname)
@@ -131,7 +131,7 @@ local function sophos_check(task, content, digest, rule)
if rule['log_clean'] then
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix)
else
lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix)
lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix)
end
common.save_av_cache(task, digest, rule, 'OK')
-- not finished - continue
@@ -191,5 +191,5 @@ return {
description = 'sophos antivirus',
configure = sophos_config,
check = sophos_check,
name = module_name
name = N
}
