mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
Browse Source

[FIX] lua_scanners - using N is much smarter ;)

tags/1.9.0
Carsten Rosenberg 5 years ago
parent
42bde308e2
commit
44de7f5879
8 changed files with 67 additions and 67 deletions
Unified View Show Diff Stats
  1. 7
    7
      lualib/lua_scanners/clamav.lua
  2. 10
    10
      lualib/lua_scanners/dcc.lua
  3. 5
    5
      lualib/lua_scanners/fprot.lua
  4. 11
    11
      lualib/lua_scanners/icap.lua
  5. 6
    6
      lualib/lua_scanners/kaspersky_av.lua
  6. 13
    13
      lualib/lua_scanners/oletools.lua
  7. 8
    8
      lualib/lua_scanners/savapi.lua
  8. 7
    7
      lualib/lua_scanners/sophos.lua

+ 7
- 7
lualib/lua_scanners/clamav.lua View File

local rspamd_logger = require "rspamd_logger" local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common" local common = require "lua_scanners/common"


local module_name = "clamav"
local N = "clamav"


local default_message = '${SCANNER}: virus found: "${VIRUS}"' local default_message = '${SCANNER}: virus found: "${VIRUS}"'


local function clamav_config(opts) local function clamav_config(opts)
local clamav_conf = { local clamav_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true, scan_mime_parts = true,
scan_text_mime = false, scan_text_mime = false,
scan_image_mime = false, scan_image_mime = false,
clamav_conf.default_port) clamav_conf.default_port)


if clamav_conf['upstreams'] then if clamav_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', clamav_conf.module_name)
lua_util.add_debug_alias('antivirus', clamav_conf.N)
return clamav_conf return clamav_conf
end end


upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task, '%s: retry IP: %s', rule.log_prefix, addr)
lua_util.debugm(rule.N, task, '%s: retry IP: %s', rule.log_prefix, addr)


tcp.request({ tcp.request({
task = task, task = task,
upstream:ok() upstream:ok()
data = tostring(data) data = tostring(data)
local cached local cached
lua_util.debugm(rule.module_name, task, '%s: got reply: %s', rule.log_prefix, data)
lua_util.debugm(rule.N, task, '%s: got reply: %s', rule.log_prefix, data)
if data == 'stream: OK' then if data == 'stream: OK' then
cached = 'OK' cached = 'OK'
if rule['log_clean'] then if rule['log_clean'] then
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix) rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix)
else else
lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix)
lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix)
end end
else else
local vname = string.match(data, 'stream: (.+) FOUND') local vname = string.match(data, 'stream: (.+) FOUND')
description = 'clamav antivirus', description = 'clamav antivirus',
configure = clamav_config, configure = clamav_config,
check = clamav_check, check = clamav_check,
name = module_name
name = N
} }

+ 10
- 10
lualib/lua_scanners/dcc.lua View File

local common = require "lua_scanners/common" local common = require "lua_scanners/common"
local fun = require "fun" local fun = require "fun"


local module_name = 'dcc'
local N = 'dcc'


local function dcc_check(task, content, digest, rule) local function dcc_check(task, content, digest, rule)
local function dcc_check_uncached () local function dcc_check_uncached ()


retransmits = retransmits - 1 retransmits = retransmits - 1


lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, err, retransmits) rule.log_prefix, err, retransmits)


-- Select a different upstream! -- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port()) rule.log_prefix, addr, addr:get_port())


tcp.request({ tcp.request({
-- Parse the response -- Parse the response
if upstream then upstream:ok() end if upstream then upstream:ok() end
local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n") local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n")
lua_util.debugm(rule.module_name, task, 'DCC result=%1 disposition=%2 header="%3"',
lua_util.debugm(rule.N, task, 'DCC result=%1 disposition=%2 header="%3"',
result, disposition, header) result, disposition, header)


if header then if header then
rspamd_logger.infox(task, '%s: clean, returned result A - info: %s', rspamd_logger.infox(task, '%s: clean, returned result A - info: %s',
rule.log_prefix, info) rule.log_prefix, info)
else else
lua_util.debugm(rule.module_name, task, '%s: returned result A - info: %s',
lua_util.debugm(rule.N, task, '%s: returned result A - info: %s',
rule.log_prefix, info) rule.log_prefix, info)
end end
end end
if rule.log_clean then if rule.log_clean then
rspamd_logger.infox(task, '%s: clean, returned result G - info: %s', rule.log_prefix, info) rspamd_logger.infox(task, '%s: clean, returned result G - info: %s', rule.log_prefix, info)
else else
lua_util.debugm(rule.module_name, task, '%s: returned result G - info: %s', rule.log_prefix, info)
lua_util.debugm(rule.N, task, '%s: returned result G - info: %s', rule.log_prefix, info)
end end
elseif result == 'S' then elseif result == 'S' then
-- do nothing -- do nothing
if rule.log_clean then if rule.log_clean then
rspamd_logger.infox(task, '%s: clean, returned result S - info: %s', rule.log_prefix, info) rspamd_logger.infox(task, '%s: clean, returned result S - info: %s', rule.log_prefix, info)
else else
lua_util.debugm(rule.module_name, task, '%s: returned result S - info: %s', rule.log_prefix, info)
lua_util.debugm(rule.N, task, '%s: returned result S - info: %s', rule.log_prefix, info)
end end
else else
-- Unknown result -- Unknown result
local function dcc_config(opts) local function dcc_config(opts)


local dcc_conf = { local dcc_conf = {
module_name = module_name,
N = N,
default_port = 10045, default_port = 10045,
timeout = 5.0, timeout = 5.0,
log_clean = false, log_clean = false,
dcc_conf.default_port) dcc_conf.default_port)


if dcc_conf.upstreams then if dcc_conf.upstreams then
lua_util.add_debug_alias('external_services', dcc_conf.module_name)
lua_util.add_debug_alias('external_services', dcc_conf.N)
return dcc_conf return dcc_conf
end end


description = 'dcc bulk scanner', description = 'dcc bulk scanner',
configure = dcc_config, configure = dcc_config,
check = dcc_check, check = dcc_check,
name = module_name
name = N
} }

+ 5
- 5
lualib/lua_scanners/fprot.lua View File

local rspamd_logger = require "rspamd_logger" local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common" local common = require "lua_scanners/common"


local module_name = "fprot"
local N = "fprot"


local default_message = '${SCANNER}: virus found: "${VIRUS}"' local default_message = '${SCANNER}: virus found: "${VIRUS}"'


local function fprot_config(opts) local function fprot_config(opts)
local fprot_conf = { local fprot_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true, scan_mime_parts = true,
scan_text_mime = false, scan_text_mime = false,
scan_image_mime = false, scan_image_mime = false,
fprot_conf.default_port) fprot_conf.default_port)


if fprot_conf['upstreams'] then if fprot_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', fprot_conf.module_name)
lua_util.add_debug_alias('antivirus', fprot_conf.N)
return fprot_conf return fprot_conf
end end


upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)


tcp.request({ tcp.request({
task = task, task = task,
description = 'fprot antivirus', description = 'fprot antivirus',
configure = fprot_config, configure = fprot_config,
check = fprot_check, check = fprot_check,
name = module_name
name = N
} }

+ 11
- 11
lualib/lua_scanners/icap.lua View File

local rspamd_logger = require "rspamd_logger" local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common" local common = require "lua_scanners/common"


local module_name = 'icap'
local N = 'icap'


local function icap_check(task, content, digest, rule) local function icap_check(task, content, digest, rule)
local function icap_check_uncached () local function icap_check_uncached ()
"Encapsulated: null-body=0\r\n\r\n", "Encapsulated: null-body=0\r\n\r\n",
} }
local size = string.format("%x", tonumber(#content)) local size = string.format("%x", tonumber(#content))
lua_util.debugm(rule.module_name, task, '%s: size: %s', rule.log_prefix, size)
lua_util.debugm(rule.N, task, '%s: size: %s', rule.log_prefix, size)


local function get_respond_query() local function get_respond_query()
table.insert(respond_headers, 1, 'RESPMOD icap://' .. addr:to_string() .. ':' .. addr:get_port() .. '/' table.insert(respond_headers, 1, 'RESPMOD icap://' .. addr:to_string() .. ':' .. addr:get_port() .. '/'
icap_headers[key] = value icap_headers[key] = value
end end
end end
lua_util.debugm(rule.module_name, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers)
lua_util.debugm(rule.N, task, '%s: icap_headers: %s', rule.log_prefix, icap_headers)
return icap_headers return icap_headers
end end


if icap_headers['X-Infection-Found'] ~= nil then if icap_headers['X-Infection-Found'] ~= nil then
pattern_symbols = "(Type%=%d; .* Threat%=)(.*)([;]+)" pattern_symbols = "(Type%=%d; .* Threat%=)(.*)([;]+)"
match = string.gsub(icap_headers['X-Infection-Found'], pattern_symbols, "%2") match = string.gsub(icap_headers['X-Infection-Found'], pattern_symbols, "%2")
lua_util.debugm(rule.module_name, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match)
lua_util.debugm(rule.N, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, match)
table.insert(threat_string, match) table.insert(threat_string, match)
elseif icap_headers['X-Virus-ID'] ~= nil then elseif icap_headers['X-Virus-ID'] ~= nil then
lua_util.debugm(rule.module_name, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID'])
lua_util.debugm(rule.N, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID'])
table.insert(threat_string, icap_headers['X-Virus-ID']) table.insert(threat_string, icap_headers['X-Virus-ID'])
end end




retransmits = retransmits - 1 retransmits = retransmits - 1


lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, error, retransmits) rule.log_prefix, error, retransmits)


-- Select a different upstream! -- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port()) rule.log_prefix, addr, addr:get_port())


tcp.request({ tcp.request({
local function icap_config(opts) local function icap_config(opts)


local icap_conf = { local icap_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true, scan_mime_parts = true,
scan_all_mime_parts = true, scan_all_mime_parts = true,
scan_text_mime = false, scan_text_mime = false,
icap_conf.default_port) icap_conf.default_port)


if icap_conf.upstreams then if icap_conf.upstreams then
lua_util.add_debug_alias('external_services', icap_conf.module_name)
lua_util.add_debug_alias('external_services', icap_conf.N)
return icap_conf return icap_conf
end end


end end


return { return {
type = {module_name,'virus', 'virus', 'scanner'},
type = {N,'virus', 'virus', 'scanner'},
description = 'generic icap antivirus', description = 'generic icap antivirus',
configure = icap_config, configure = icap_config,
check = icap_check, check = icap_check,
name = module_name
name = N
} }

+ 6
- 6
lualib/lua_scanners/kaspersky_av.lua View File

local rspamd_logger = require "rspamd_logger" local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common" local common = require "lua_scanners/common"


local module_name = "kaspersky"
local N = "kaspersky"


local default_message = '${SCANNER}: virus found: "${VIRUS}"' local default_message = '${SCANNER}: virus found: "${VIRUS}"'


local function kaspersky_config(opts) local function kaspersky_config(opts)
local kaspersky_conf = { local kaspersky_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true, scan_mime_parts = true,
scan_text_mime = false, scan_text_mime = false,
scan_image_mime = false, scan_image_mime = false,
kaspersky_conf['servers'], 0) kaspersky_conf['servers'], 0)


if kaspersky_conf['upstreams'] then if kaspersky_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', kaspersky_conf.module_name)
lua_util.add_debug_alias('antivirus', kaspersky_conf.N)
return kaspersky_conf return kaspersky_conf
end end


upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task,
lua_util.debugm(rule.N, task,
'%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr) '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)


tcp.request({ tcp.request({
upstream:ok() upstream:ok()
data = tostring(data) data = tostring(data)
local cached local cached
lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s',
lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s',
rule['symbol'], rule['type'], data) rule['symbol'], rule['type'], data)
if data == 'stream: OK' or data == fname .. ': OK' then if data == 'stream: OK' or data == fname .. ': OK' then
cached = 'OK' cached = 'OK'
description = 'kaspersky antivirus', description = 'kaspersky antivirus',
configure = kaspersky_config, configure = kaspersky_config,
check = kaspersky_check, check = kaspersky_check,
name = module_name
name = N
} }

+ 13
- 13
lualib/lua_scanners/oletools.lua View File

local ucl = require "ucl" local ucl = require "ucl"
local common = require "lua_scanners/common" local common = require "lua_scanners/common"


local module_name = 'oletools'
local N = 'oletools'


local function oletools_check(task, content, digest, rule) local function oletools_check(task, content, digest, rule)
local function oletools_check_uncached () local function oletools_check_uncached ()


retransmits = retransmits - 1 retransmits = retransmits - 1


lua_util.debugm(rule.module_name, task, '%s: Request Error: %s - retries left: %s',
lua_util.debugm(rule.N, task, '%s: Request Error: %s - retries left: %s',
rule.log_prefix, error, retransmits) rule.log_prefix, error, retransmits)


-- Select a different upstream! -- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task, '%s: retry IP: %s:%s',
lua_util.debugm(rule.N, task, '%s: retry IP: %s:%s',
rule.log_prefix, addr, addr:get_port()) rule.log_prefix, addr, addr:get_port())


tcp.request({ tcp.request({
local m_dridex = '-' local m_dridex = '-'
local m_vba = '-' local m_vba = '-'


lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type'])
lua_util.debugm(rule.N, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
lua_util.debugm(rule.N, task, '%s: type: %s', rule.log_prefix, result[2]['type'])


for _,m in ipairs(result[2]['macros']) do for _,m in ipairs(result[2]['macros']) do
lua_util.debugm(rule.module_name, task, '%s: macros found - code: %s, ole_stream: %s, '..
lua_util.debugm(rule.N, task, '%s: macros found - code: %s, ole_stream: %s, '..
'vba_filename: %s', rule.log_prefix, m.code, m.ole_stream, m.vba_filename) 'vba_filename: %s', rule.log_prefix, m.code, m.ole_stream, m.vba_filename)
end end


local analysis_keyword_table = {} local analysis_keyword_table = {}


for _,a in ipairs(result[2]['analysis']) do for _,a in ipairs(result[2]['analysis']) do
lua_util.debugm(rule.module_name, task, '%s: threat found - type: %s, keyword: %s, '..
lua_util.debugm(rule.N, task, '%s: threat found - type: %s, keyword: %s, '..
'description: %s', rule.log_prefix, a.type, a.keyword, a.description) 'description: %s', rule.log_prefix, a.type, a.keyword, a.description)
if a.type == 'AutoExec' then if a.type == 'AutoExec' then
m_autoexec = 'A' m_autoexec = 'A'
if rule.extended == false and m_autoexec == 'A' and m_suspicious == 'S' then if rule.extended == false and m_autoexec == 'A' and m_suspicious == 'S' then
-- use single string as virus name -- use single string as virus name
local threat = 'AutoExec + Suspicious (' .. table.concat(analysis_keyword_table, ',') .. ')' local threat = 'AutoExec + Suspicious (' .. table.concat(analysis_keyword_table, ',') .. ')'
lua_util.debugm(rule.module_name, task, '%s: threat result: %s', rule.log_prefix, threat)
lua_util.debugm(rule.N, task, '%s: threat result: %s', rule.log_prefix, threat)
common.yield_result(task, rule, threat, rule.default_score) common.yield_result(task, rule, threat, rule.default_score)
common.save_av_cache(task, digest, rule, threat, rule.default_score) common.save_av_cache(task, digest, rule, threat, rule.default_score)


m_vba m_vba
table.insert(analysis_keyword_table, 1, flags) table.insert(analysis_keyword_table, 1, flags)


lua_util.debugm(rule.module_name, task, '%s: extended threat result: %s',
lua_util.debugm(rule.N, task, '%s: extended threat result: %s',
rule.log_prefix, table.concat(analysis_keyword_table, ',')) rule.log_prefix, table.concat(analysis_keyword_table, ','))


common.yield_result(task, rule, analysis_keyword_table, rule.default_score) common.yield_result(task, rule, analysis_keyword_table, rule.default_score)
local function oletools_config(opts) local function oletools_config(opts)


local oletools_conf = { local oletools_conf = {
module_name = module_name,
N = N,
scan_mime_parts = false, scan_mime_parts = false,
scan_text_mime = false, scan_text_mime = false,
scan_image_mime = false, scan_image_mime = false,
oletools_conf.default_port) oletools_conf.default_port)


if oletools_conf.upstreams then if oletools_conf.upstreams then
lua_util.add_debug_alias('external_services', oletools_conf.module_name)
lua_util.add_debug_alias('external_services', oletools_conf.N)
return oletools_conf return oletools_conf
end end


end end


return { return {
type = {module_name,'attachment scanner', 'hash', 'scanner'},
type = {N,'attachment scanner', 'hash', 'scanner'},
description = 'oletools office macro scanner', description = 'oletools office macro scanner',
configure = oletools_config, configure = oletools_config,
check = oletools_check, check = oletools_check,
name = module_name
name = N
} }

+ 8
- 8
lualib/lua_scanners/savapi.lua View File

local rspamd_logger = require "rspamd_logger" local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common" local common = require "lua_scanners/common"


local module_name = "savapi"
local N = "savapi"


local default_message = '${SCANNER}: virus found: "${VIRUS}"' local default_message = '${SCANNER}: virus found: "${VIRUS}"'


local function savapi_config(opts) local function savapi_config(opts)
local savapi_conf = { local savapi_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true, scan_mime_parts = true,
scan_text_mime = false, scan_text_mime = false,
scan_image_mime = false, scan_image_mime = false,
savapi_conf.default_port) savapi_conf.default_port)


if savapi_conf['upstreams'] then if savapi_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', savapi_conf.module_name)
lua_util.add_debug_alias('antivirus', savapi_conf.N)
return savapi_conf return savapi_conf
end end


for virus,_ in pairs(vnames) do for virus,_ in pairs(vnames) do
table.insert(vnames_reordered, virus) table.insert(vnames_reordered, virus)
end end
lua_util.debugm(rule.module_name, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered)
lua_util.debugm(rule.N, task, "%s: number of virus names found %s", rule['type'], #vnames_reordered)
if #vnames_reordered > 0 then if #vnames_reordered > 0 then
local vname = {} local vname = {}
for _,virus in ipairs(vnames_reordered) do for _,virus in ipairs(vnames_reordered) do


local function savapi_scan2_cb(err, data, conn) local function savapi_scan2_cb(err, data, conn)
local result = tostring(data) local result = tostring(data)
lua_util.debugm(rule.module_name, task, "%s: got reply: %s",
lua_util.debugm(rule.N, task, "%s: got reply: %s",
rule['type'], result) rule['type'], result)


-- Terminal response - clean -- Terminal response - clean
local function savapi_greet2_cb(err, data, conn) local function savapi_greet2_cb(err, data, conn)
local result = tostring(data) local result = tostring(data)
if string.find(result, '100 PRODUCT') then if string.find(result, '100 PRODUCT') then
lua_util.debugm(rule.module_name, task, "%s: scanning file: %s",
lua_util.debugm(rule.N, task, "%s: scanning file: %s",
rule['type'], fname) rule['type'], fname)
conn:add_write(savapi_scan1_cb, {string.format('SCAN %s\n', conn:add_write(savapi_scan1_cb, {string.format('SCAN %s\n',
fname)}) fname)})
upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)


tcp.request({ tcp.request({
task = task, task = task,
description = 'savapi avira antivirus', description = 'savapi avira antivirus',
configure = savapi_config, configure = savapi_config,
check = savapi_check, check = savapi_check,
name = module_name
name = N
} }

+ 7
- 7
lualib/lua_scanners/sophos.lua View File

local rspamd_logger = require "rspamd_logger" local rspamd_logger = require "rspamd_logger"
local common = require "lua_scanners/common" local common = require "lua_scanners/common"


local module_name = "sophos"
local N = "sophos"


local default_message = '${SCANNER}: virus found: "${VIRUS}"' local default_message = '${SCANNER}: virus found: "${VIRUS}"'


local function sophos_config(opts) local function sophos_config(opts)
local sophos_conf = { local sophos_conf = {
module_name = module_name,
N = N,
scan_mime_parts = true, scan_mime_parts = true,
scan_text_mime = false, scan_text_mime = false,
scan_image_mime = false, scan_image_mime = false,
sophos_conf.default_port) sophos_conf.default_port)


if sophos_conf['upstreams'] then if sophos_conf['upstreams'] then
lua_util.add_debug_alias('antivirus', sophos_conf.module_name)
lua_util.add_debug_alias('antivirus', sophos_conf.N)
return sophos_conf return sophos_conf
end end


upstream = rule.upstreams:get_upstream_round_robin() upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr() addr = upstream:get_addr()


lua_util.debugm(rule.module_name, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
lua_util.debugm(rule.N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)


tcp.request({ tcp.request({
task = task, task = task,
else else
upstream:ok() upstream:ok()
data = tostring(data) data = tostring(data)
lua_util.debugm(rule.module_name, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
lua_util.debugm(rule.N, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
local vname = string.match(data, 'VIRUS (%S+) ') local vname = string.match(data, 'VIRUS (%S+) ')
if vname then if vname then
common.yield_result(task, rule, vname) common.yield_result(task, rule, vname)
if rule['log_clean'] then if rule['log_clean'] then
rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix) rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix)
else else
lua_util.debugm(rule.module_name, task, '%s: message or mime_part is clean', rule.log_prefix)
lua_util.debugm(rule.N, task, '%s: message or mime_part is clean', rule.log_prefix)
end end
common.save_av_cache(task, digest, rule, 'OK') common.save_av_cache(task, digest, rule, 'OK')
-- not finished - continue -- not finished - continue
description = 'sophos antivirus', description = 'sophos antivirus',
configure = sophos_config, configure = sophos_config,
check = sophos_check, check = sophos_check,
name = module_name
name = N
} }

Write Preview
Loading…
Cancel
Save