local rspamd_logger = require "rspamd_logger" | local rspamd_logger = require "rspamd_logger" | ||||
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local module_name = "clamav" | |||||
local N = "clamav" | |||||
local default_message = '${SCANNER}: virus found: "${VIRUS}"' | local default_message = '${SCANNER}: virus found: "${VIRUS}"' | ||||
local function clamav_config(opts) | local function clamav_config(opts) | ||||
local clamav_conf = { | local clamav_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
scan_mime_parts = true, | scan_mime_parts = true, | ||||
scan_text_mime = false, | scan_text_mime = false, | ||||
scan_image_mime = false, | scan_image_mime = false, | ||||
clamav_conf.default_port) | clamav_conf.default_port) | ||||
if clamav_conf['upstreams'] then | if clamav_conf['upstreams'] then | ||||
lua_util.add_debug_alias('antivirus', clamav_conf.module_name) | |||||
lua_util.add_debug_alias('antivirus', clamav_conf.N) | |||||
return clamav_conf | return clamav_conf | ||||
end | end | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, '%s: retry IP: %s', rule.log_prefix, addr) | |||||
lua_util.debugm(rule.N, task, '%s: retry IP: %s', rule.log_prefix, addr) | |||||
tcp.request({ | tcp.request({ | ||||
task = task, | task = task, | ||||
upstream:ok() | upstream:ok() | ||||
data = tostring(data) | data = tostring(data) | ||||
local cached | local cached | ||||
lua_util.debugm(rule.module_name, task, '%s: got reply: %s', rule.log_prefix, data) | |||||
lua_util.debugm(rule.N, task, '%s: got reply: %s', rule.log_prefix, data) | |||||
if data == 'stream: OK' then | if data == 'stream: OK' then | ||||
cached = 'OK' | cached = 'OK' | ||||
if rule['log_clean'] then | if rule['log_clean'] then | ||||
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix) | rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix) | ||||
else | else | ||||
lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix) | |||||
lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix) | |||||
end | end | ||||
else | else | ||||
local vname = string.match(data, 'stream: (.+) FOUND') | local vname = string.match(data, 'stream: (.+) FOUND') | ||||
description = 'clamav antivirus', | description = 'clamav antivirus', | ||||
configure = clamav_config, | configure = clamav_config, | ||||
check = clamav_check, | check = clamav_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |
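Review bot: The key on the config table is renamed together with the local (`module_name = module_name` and `N = N` both appear inside `clamav_conf`), so this is an interface change rather than a local rename. That table reaches the check callbacks as `rule` and is handed on to `common.yield_result` and `common.save_av_cache` in the oletools and sophos sections. Any reader of the previous key outside the files shown here (for example in `lua_scanners/common`, which is not on this page) would pass nil as the module argument of `lua_util.debugm`; that should be checked before merging, and the page does not mark which spelling is the new one. The same applies to the dcc, fprot, icap, kaspersky, oletools, savapi and sophos sections. A one-line comment on the field, such as `-- debug module name, passed to lua_util.debugm and add_debug_alias`, would document what the key is for.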
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local fun = require "fun" | local fun = require "fun" | ||||
local module_name = 'dcc' | |||||
local N = 'dcc' | |||||
local function dcc_check(task, content, digest, rule) | local function dcc_check(task, content, digest, rule) | ||||
local function dcc_check_uncached () | local function dcc_check_uncached () | ||||
retransmits = retransmits - 1 | retransmits = retransmits - 1 | ||||
lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s', | |||||
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s', | |||||
rule.log_prefix, err, retransmits) | rule.log_prefix, err, retransmits) | ||||
-- Select a different upstream! | -- Select a different upstream! | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s', | |||||
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s', | |||||
rule.log_prefix, addr, addr:get_port()) | rule.log_prefix, addr, addr:get_port()) | ||||
tcp.request({ | tcp.request({ | ||||
-- Parse the response | -- Parse the response | ||||
if upstream then upstream:ok() end | if upstream then upstream:ok() end | ||||
local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n") | local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n") | ||||
lua_util.debugm(rule.module_name, task, 'DCC result=%1 disposition=%2 header="%3"', | |||||
lua_util.debugm(rule.N, task, 'DCC result=%1 disposition=%2 header="%3"', | |||||
result, disposition, header) | result, disposition, header) | ||||
if header then | if header then | ||||
rspamd_logger.infox(task, '%s: clean, returned result A - info: %s', | rspamd_logger.infox(task, '%s: clean, returned result A - info: %s', | ||||
rule.log_prefix, info) | rule.log_prefix, info) | ||||
else | else | ||||
lua_util.debugm(rule.module_name, task, '%s: returned result A - info: %s', | |||||
lua_util.debugm(rule.N, task, '%s: returned result A - info: %s', | |||||
rule.log_prefix, info) | rule.log_prefix, info) | ||||
end | end | ||||
end | end | ||||
if rule.log_clean then | if rule.log_clean then | ||||
rspamd_logger.infox(task, '%s: clean, returned result G - info: %s', rule.log_prefix, info) | rspamd_logger.infox(task, '%s: clean, returned result G - info: %s', rule.log_prefix, info) | ||||
else | else | ||||
lua_util.debugm(rule.module_name, task, '%s: returned result G - info: %s', rule.log_prefix, info) | |||||
lua_util.debugm(rule.N, task, '%s: returned result G - info: %s', rule.log_prefix, info) | |||||
end | end | ||||
elseif result == 'S' then | elseif result == 'S' then | ||||
-- do nothing | -- do nothing | ||||
if rule.log_clean then | if rule.log_clean then | ||||
rspamd_logger.infox(task, '%s: clean, returned result S - info: %s', rule.log_prefix, info) | rspamd_logger.infox(task, '%s: clean, returned result S - info: %s', rule.log_prefix, info) | ||||
else | else | ||||
lua_util.debugm(rule.module_name, task, '%s: returned result S - info: %s', rule.log_prefix, info) | |||||
lua_util.debugm(rule.N, task, '%s: returned result S - info: %s', rule.log_prefix, info) | |||||
end | end | ||||
else | else | ||||
-- Unknown result | -- Unknown result | ||||
local function dcc_config(opts) | local function dcc_config(opts) | ||||
local dcc_conf = { | local dcc_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
default_port = 10045, | default_port = 10045, | ||||
timeout = 5.0, | timeout = 5.0, | ||||
log_clean = false, | log_clean = false, | ||||
dcc_conf.default_port) | dcc_conf.default_port) | ||||
if dcc_conf.upstreams then | if dcc_conf.upstreams then | ||||
lua_util.add_debug_alias('external_services', dcc_conf.module_name) | |||||
lua_util.add_debug_alias('external_services', dcc_conf.N) | |||||
return dcc_conf | return dcc_conf | ||||
end | end | ||||
description = 'dcc bulk scanner', | description = 'dcc bulk scanner', | ||||
configure = dcc_config, | configure = dcc_config, | ||||
check = dcc_check, | check = dcc_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |
local rspamd_logger = require "rspamd_logger" | local rspamd_logger = require "rspamd_logger" | ||||
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local module_name = "fprot" | |||||
local N = "fprot" | |||||
local default_message = '${SCANNER}: virus found: "${VIRUS}"' | local default_message = '${SCANNER}: virus found: "${VIRUS}"' | ||||
local function fprot_config(opts) | local function fprot_config(opts) | ||||
local fprot_conf = { | local fprot_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
scan_mime_parts = true, | scan_mime_parts = true, | ||||
scan_text_mime = false, | scan_text_mime = false, | ||||
scan_image_mime = false, | scan_image_mime = false, | ||||
fprot_conf.default_port) | fprot_conf.default_port) | ||||
if fprot_conf['upstreams'] then | if fprot_conf['upstreams'] then | ||||
lua_util.add_debug_alias('antivirus', fprot_conf.module_name) | |||||
lua_util.add_debug_alias('antivirus', fprot_conf.N) | |||||
return fprot_conf | return fprot_conf | ||||
end | end | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | |||||
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | |||||
tcp.request({ | tcp.request({ | ||||
task = task, | task = task, | ||||
description = 'fprot antivirus', | description = 'fprot antivirus', | ||||
configure = fprot_config, | configure = fprot_config, | ||||
check = fprot_check, | check = fprot_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |
local rspamd_logger = require "rspamd_logger" | local rspamd_logger = require "rspamd_logger" | ||||
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local module_name = 'icap' | |||||
local N = 'icap' | |||||
local function icap_check(task, content, digest, rule) | local function icap_check(task, content, digest, rule) | ||||
local function icap_check_uncached () | local function icap_check_uncached () | ||||
"Encapsulated: null-body=0\r\n\r\n", | "Encapsulated: null-body=0\r\n\r\n", | ||||
} | } | ||||
local size = string.format("%x", tonumber(#content)) | local size = string.format("%x", tonumber(#content)) | ||||
lua_util.debugm(rule.module_name, task, '%s: size: %s', rule.log_prefix, size) | |||||
lua_util.debugm(rule.N, task, '%s: size: %s', rule.log_prefix, size) | |||||
local function get_respond_query() | local function get_respond_query() | ||||
table.insert(respond_headers, 1, 'RESPMOD icap://' .. addr:to_string() .. ':' .. addr:get_port() .. '/' | table.insert(respond_headers, 1, 'RESPMOD icap://' .. addr:to_string() .. ':' .. addr:get_port() .. '/' | ||||
icap_headers[key] = value | icap_headers[key] = value | ||||
end | end | ||||
end | end | ||||
lua_util.debugm(rule.module_name, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers) | |||||
lua_util.debugm(rule.N, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers) | |||||
return icap_headers | return icap_headers | ||||
end | end | ||||
if icap_headers['X-Infection-Found'] ~= nil then | if icap_headers['X-Infection-Found'] ~= nil then | ||||
pattern_symbols = "(Type%=%d; .* Threat%=)(.*)([;]+)" | pattern_symbols = "(Type%=%d; .* Threat%=)(.*)([;]+)" | ||||
match = string.gsub(icap_headers['X-Infection-Found'], pattern_symbols, "%2") | match = string.gsub(icap_headers['X-Infection-Found'], pattern_symbols, "%2") | ||||
lua_util.debugm(rule.module_name, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match) | |||||
lua_util.debugm(rule.N, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match) | |||||
table.insert(threat_string, match) | table.insert(threat_string, match) | ||||
elseif icap_headers['X-Virus-ID'] ~= nil then | elseif icap_headers['X-Virus-ID'] ~= nil then | ||||
lua_util.debugm(rule.module_name, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID']) | |||||
lua_util.debugm(rule.N, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID']) | |||||
table.insert(threat_string, icap_headers['X-Virus-ID']) | table.insert(threat_string, icap_headers['X-Virus-ID']) | ||||
end | end | ||||
retransmits = retransmits - 1 | retransmits = retransmits - 1 | ||||
lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s', | |||||
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s', | |||||
rule.log_prefix, error, retransmits) | rule.log_prefix, error, retransmits) | ||||
-- Select a different upstream! | -- Select a different upstream! | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s', | |||||
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s', | |||||
rule.log_prefix, addr, addr:get_port()) | rule.log_prefix, addr, addr:get_port()) | ||||
tcp.request({ | tcp.request({ | ||||
local function icap_config(opts) | local function icap_config(opts) | ||||
local icap_conf = { | local icap_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
scan_mime_parts = true, | scan_mime_parts = true, | ||||
scan_all_mime_parts = true, | scan_all_mime_parts = true, | ||||
scan_text_mime = false, | scan_text_mime = false, | ||||
icap_conf.default_port) | icap_conf.default_port) | ||||
if icap_conf.upstreams then | if icap_conf.upstreams then | ||||
lua_util.add_debug_alias('external_services', icap_conf.module_name) | |||||
lua_util.add_debug_alias('external_services', icap_conf.N) | |||||
return icap_conf | return icap_conf | ||||
end | end | ||||
end | end | ||||
return { | return { | ||||
type = {module_name,'virus', 'virus', 'scanner'}, | |||||
type = {N,'virus', 'virus', 'scanner'}, | |||||
description = 'generic icap antivirus', | description = 'generic icap antivirus', | ||||
configure = icap_config, | configure = icap_config, | ||||
check = icap_check, | check = icap_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |
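Review bot: In the `X-Infection-Found` branch, `string.gsub` returns its input unchanged when `pattern_symbols` does not match, so a header without a single-digit `Type=` or without a trailing `;` is inserted into `threat_string` whole and reported by the debug line as the threat. Extracting the name with a match and handling the miss explicitly avoids that, for example `local threat = icap_headers['X-Infection-Found']:match('Threat=([^;]+)')` followed by a fallback when `threat` is nil. `pattern_symbols` and `match` are assigned without a visible `local`; their declarations may sit above the lines shown, since the enclosing function starts outside this section's visible lines.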
local rspamd_logger = require "rspamd_logger" | local rspamd_logger = require "rspamd_logger" | ||||
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local module_name = "kaspersky" | |||||
local N = "kaspersky" | |||||
local default_message = '${SCANNER}: virus found: "${VIRUS}"' | local default_message = '${SCANNER}: virus found: "${VIRUS}"' | ||||
local function kaspersky_config(opts) | local function kaspersky_config(opts) | ||||
local kaspersky_conf = { | local kaspersky_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
scan_mime_parts = true, | scan_mime_parts = true, | ||||
scan_text_mime = false, | scan_text_mime = false, | ||||
scan_image_mime = false, | scan_image_mime = false, | ||||
kaspersky_conf['servers'], 0) | kaspersky_conf['servers'], 0) | ||||
if kaspersky_conf['upstreams'] then | if kaspersky_conf['upstreams'] then | ||||
lua_util.add_debug_alias('antivirus', kaspersky_conf.module_name) | |||||
lua_util.add_debug_alias('antivirus', kaspersky_conf.N) | |||||
return kaspersky_conf | return kaspersky_conf | ||||
end | end | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, | |||||
lua_util.debugm(rule.N, task, | |||||
'%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | ||||
tcp.request({ | tcp.request({ | ||||
upstream:ok() | upstream:ok() | ||||
data = tostring(data) | data = tostring(data) | ||||
local cached | local cached | ||||
lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s', | |||||
lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s', | |||||
rule['symbol'], rule['type'], data) | rule['symbol'], rule['type'], data) | ||||
if data == 'stream: OK' or data == fname .. ': OK' then | if data == 'stream: OK' or data == fname .. ': OK' then | ||||
cached = 'OK' | cached = 'OK' | ||||
description = 'kaspersky antivirus', | description = 'kaspersky antivirus', | ||||
configure = kaspersky_config, | configure = kaspersky_config, | ||||
check = kaspersky_check, | check = kaspersky_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |
local ucl = require "ucl" | local ucl = require "ucl" | ||||
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local module_name = 'oletools' | |||||
local N = 'oletools' | |||||
local function oletools_check(task, content, digest, rule) | local function oletools_check(task, content, digest, rule) | ||||
local function oletools_check_uncached () | local function oletools_check_uncached () | ||||
retransmits = retransmits - 1 | retransmits = retransmits - 1 | ||||
lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s', | |||||
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s', | |||||
rule.log_prefix, error, retransmits) | rule.log_prefix, error, retransmits) | ||||
-- Select a different upstream! | -- Select a different upstream! | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s', | |||||
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s', | |||||
rule.log_prefix, addr, addr:get_port()) | rule.log_prefix, addr, addr:get_port()) | ||||
tcp.request({ | tcp.request({ | ||||
local m_dridex = '-' | local m_dridex = '-' | ||||
local m_vba = '-' | local m_vba = '-' | ||||
lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file']) | |||||
lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type']) | |||||
lua_util.debugm(rule.N, task, '%s: filename: %s', rule.log_prefix, result[2]['file']) | |||||
lua_util.debugm(rule.N, task, '%s: type: %s', rule.log_prefix, result[2]['type']) | |||||
for _,m in ipairs(result[2]['macros']) do | for _,m in ipairs(result[2]['macros']) do | ||||
lua_util.debugm(rule.module_name, task, '%s: macros found - code: %s, ole_stream: %s, '.. | |||||
lua_util.debugm(rule.N, task, '%s: macros found - code: %s, ole_stream: %s, '.. | |||||
'vba_filename: %s', rule.log_prefix, m.code, m.ole_stream, m.vba_filename) | 'vba_filename: %s', rule.log_prefix, m.code, m.ole_stream, m.vba_filename) | ||||
end | end | ||||
local analysis_keyword_table = {} | local analysis_keyword_table = {} | ||||
for _,a in ipairs(result[2]['analysis']) do | for _,a in ipairs(result[2]['analysis']) do | ||||
lua_util.debugm(rule.module_name, task, '%s: threat found - type: %s, keyword: %s, '.. | |||||
lua_util.debugm(rule.N, task, '%s: threat found - type: %s, keyword: %s, '.. | |||||
'description: %s', rule.log_prefix, a.type, a.keyword, a.description) | 'description: %s', rule.log_prefix, a.type, a.keyword, a.description) | ||||
if a.type == 'AutoExec' then | if a.type == 'AutoExec' then | ||||
m_autoexec = 'A' | m_autoexec = 'A' | ||||
if rule.extended == false and m_autoexec == 'A' and m_suspicious == 'S' then | if rule.extended == false and m_autoexec == 'A' and m_suspicious == 'S' then | ||||
-- use single string as virus name | -- use single string as virus name | ||||
local threat = 'AutoExec + Suspicious (' .. table.concat(analysis_keyword_table, ',') .. ')' | local threat = 'AutoExec + Suspicious (' .. table.concat(analysis_keyword_table, ',') .. ')' | ||||
lua_util.debugm(rule.module_name, task, '%s: threat result: %s', rule.log_prefix, threat) | |||||
lua_util.debugm(rule.N, task, '%s: threat result: %s', rule.log_prefix, threat) | |||||
common.yield_result(task, rule, threat, rule.default_score) | common.yield_result(task, rule, threat, rule.default_score) | ||||
common.save_av_cache(task, digest, rule, threat, rule.default_score) | common.save_av_cache(task, digest, rule, threat, rule.default_score) | ||||
m_vba | m_vba | ||||
table.insert(analysis_keyword_table, 1, flags) | table.insert(analysis_keyword_table, 1, flags) | ||||
lua_util.debugm(rule.module_name, task, '%s: extended threat result: %s', | |||||
lua_util.debugm(rule.N, task, '%s: extended threat result: %s', | |||||
rule.log_prefix, table.concat(analysis_keyword_table, ',')) | rule.log_prefix, table.concat(analysis_keyword_table, ',')) | ||||
common.yield_result(task, rule, analysis_keyword_table, rule.default_score) | common.yield_result(task, rule, analysis_keyword_table, rule.default_score) | ||||
local function oletools_config(opts) | local function oletools_config(opts) | ||||
local oletools_conf = { | local oletools_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
scan_mime_parts = false, | scan_mime_parts = false, | ||||
scan_text_mime = false, | scan_text_mime = false, | ||||
scan_image_mime = false, | scan_image_mime = false, | ||||
oletools_conf.default_port) | oletools_conf.default_port) | ||||
if oletools_conf.upstreams then | if oletools_conf.upstreams then | ||||
lua_util.add_debug_alias('external_services', oletools_conf.module_name) | |||||
lua_util.add_debug_alias('external_services', oletools_conf.N) | |||||
return oletools_conf | return oletools_conf | ||||
end | end | ||||
end | end | ||||
return { | return { | ||||
type = {module_name,'attachment scanner', 'hash', 'scanner'}, | |||||
type = {N,'attachment scanner', 'hash', 'scanner'}, | |||||
description = 'oletools office macro scanner', | description = 'oletools office macro scanner', | ||||
configure = oletools_config, | configure = oletools_config, | ||||
check = oletools_check, | check = oletools_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |
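Review bot: `result[2]['macros']` and `result[2]['analysis']` go straight into `ipairs` in the lines shown, and `ipairs(nil)` raises, so a reply from the oletools service that lacks either key would abort the callback unless it is validated above the visible lines. A guard such as `for _,m in ipairs(result[2]['macros'] or {}) do` (and the same for `analysis`) keeps a malformed reply from turning into a Lua error. The debug call inside the first loop prints `m.code`, presumably macro source taken from the scanned attachment, so debug logs for this module can carry attachment content; a comment next to that call would make this visible to operators. The enclosing function begins outside the lines shown.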
local rspamd_logger = require "rspamd_logger" | local rspamd_logger = require "rspamd_logger" | ||||
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local module_name = "savapi" | |||||
local N = "savapi" | |||||
local default_message = '${SCANNER}: virus found: "${VIRUS}"' | local default_message = '${SCANNER}: virus found: "${VIRUS}"' | ||||
local function savapi_config(opts) | local function savapi_config(opts) | ||||
local savapi_conf = { | local savapi_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
scan_mime_parts = true, | scan_mime_parts = true, | ||||
scan_text_mime = false, | scan_text_mime = false, | ||||
scan_image_mime = false, | scan_image_mime = false, | ||||
savapi_conf.default_port) | savapi_conf.default_port) | ||||
if savapi_conf['upstreams'] then | if savapi_conf['upstreams'] then | ||||
lua_util.add_debug_alias('antivirus', savapi_conf.module_name) | |||||
lua_util.add_debug_alias('antivirus', savapi_conf.N) | |||||
return savapi_conf | return savapi_conf | ||||
end | end | ||||
for virus,_ in pairs(vnames) do | for virus,_ in pairs(vnames) do | ||||
table.insert(vnames_reordered, virus) | table.insert(vnames_reordered, virus) | ||||
end | end | ||||
lua_util.debugm(rule.module_name, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered) | |||||
lua_util.debugm(rule.N, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered) | |||||
if #vnames_reordered > 0 then | if #vnames_reordered > 0 then | ||||
local vname = {} | local vname = {} | ||||
for _,virus in ipairs(vnames_reordered) do | for _,virus in ipairs(vnames_reordered) do | ||||
local function savapi_scan2_cb(err, data, conn) | local function savapi_scan2_cb(err, data, conn) | ||||
local result = tostring(data) | local result = tostring(data) | ||||
lua_util.debugm(rule.module_name, task, "%s: got reply: %s", | |||||
lua_util.debugm(rule.N, task, "%s: got reply: %s", | |||||
rule['type'], result) | rule['type'], result) | ||||
-- Terminal response - clean | -- Terminal response - clean | ||||
local function savapi_greet2_cb(err, data, conn) | local function savapi_greet2_cb(err, data, conn) | ||||
local result = tostring(data) | local result = tostring(data) | ||||
if string.find(result, '100 PRODUCT') then | if string.find(result, '100 PRODUCT') then | ||||
lua_util.debugm(rule.module_name, task, "%s: scanning file: %s", | |||||
lua_util.debugm(rule.N, task, "%s: scanning file: %s", | |||||
rule['type'], fname) | rule['type'], fname) | ||||
conn:add_write(savapi_scan1_cb, {string.format('SCAN %s\n', | conn:add_write(savapi_scan1_cb, {string.format('SCAN %s\n', | ||||
fname)}) | fname)}) | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | |||||
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | |||||
tcp.request({ | tcp.request({ | ||||
task = task, | task = task, | ||||
description = 'savapi avira antivirus', | description = 'savapi avira antivirus', | ||||
configure = savapi_config, | configure = savapi_config, | ||||
check = savapi_check, | check = savapi_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |
local rspamd_logger = require "rspamd_logger" | local rspamd_logger = require "rspamd_logger" | ||||
local common = require "lua_scanners/common" | local common = require "lua_scanners/common" | ||||
local module_name = "sophos" | |||||
local N = "sophos" | |||||
local default_message = '${SCANNER}: virus found: "${VIRUS}"' | local default_message = '${SCANNER}: virus found: "${VIRUS}"' | ||||
local function sophos_config(opts) | local function sophos_config(opts) | ||||
local sophos_conf = { | local sophos_conf = { | ||||
module_name = module_name, | |||||
N = N, | |||||
scan_mime_parts = true, | scan_mime_parts = true, | ||||
scan_text_mime = false, | scan_text_mime = false, | ||||
scan_image_mime = false, | scan_image_mime = false, | ||||
sophos_conf.default_port) | sophos_conf.default_port) | ||||
if sophos_conf['upstreams'] then | if sophos_conf['upstreams'] then | ||||
lua_util.add_debug_alias('antivirus', sophos_conf.module_name) | |||||
lua_util.add_debug_alias('antivirus', sophos_conf.N) | |||||
return sophos_conf | return sophos_conf | ||||
end | end | ||||
upstream = rule.upstreams:get_upstream_round_robin() | upstream = rule.upstreams:get_upstream_round_robin() | ||||
addr = upstream:get_addr() | addr = upstream:get_addr() | ||||
lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | |||||
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) | |||||
tcp.request({ | tcp.request({ | ||||
task = task, | task = task, | ||||
else | else | ||||
upstream:ok() | upstream:ok() | ||||
data = tostring(data) | data = tostring(data) | ||||
lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data) | |||||
lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data) | |||||
local vname = string.match(data, 'VIRUS (%S+) ') | local vname = string.match(data, 'VIRUS (%S+) ') | ||||
if vname then | if vname then | ||||
common.yield_result(task, rule, vname) | common.yield_result(task, rule, vname) | ||||
if rule['log_clean'] then | if rule['log_clean'] then | ||||
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix) | rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix) | ||||
else | else | ||||
lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix) | |||||
lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix) | |||||
end | end | ||||
common.save_av_cache(task, digest, rule, 'OK') | common.save_av_cache(task, digest, rule, 'OK') | ||||
-- not finished - continue | -- not finished - continue | ||||
description = 'sophos antivirus', | description = 'sophos antivirus', | ||||
configure = sophos_config, | configure = sophos_config, | ||||
check = sophos_check, | check = sophos_check, | ||||
name = module_name | |||||
name = N | |||||
} | } |