[Minor] lua_scanners - adopt excrypted / macro support

lualib/lua_scanners/clamav.lua

@@ -140,6 +140,10 @@ local function clamav_check(task, content, digest, rule)
             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)
             common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted')
             cached = 'encrypted'
+          elseif string.find(vname, '^Heuristics%.OLE2%.ContainsMacros') then
+            rspamd_logger.errx(task, '%s: ClamAV Found an OLE2 Office Macro', rule.log_prefix)
+            common.yield_result(task, rule, vname, 0.0, 'macro')
+          elseif vname then
           elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then
             rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix)
             common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail')

lualib/lua_scanners/oletools.lua

@@ -184,6 +184,11 @@ local function oletools_check(task, content, digest, rule)
             end
           elseif result[3]['return_code'] == 9 then
             rspamd_logger.warnx(task, '%s: File is encrypted.', rule.log_prefix)
+            common.yield_result(task, rule, 'failed - err: ' .. oletools_rc[result[3]['return_code']], 0.0, 'encrypted')
+            common.save_cache(task, digest, rule, 'encrypted')
+          elseif result[3]['return_code'] == 5 then
+            rspamd_logger.warnx(task, '%s: olefy could not open the file - error: %s', rule.log_prefix,
+                result[2]['message'])
             common.yield_result(task, rule, 'failed - err: ' .. oletools_rc[result[3]['return_code']], 0.0, 'fail')
           elseif result[3]['return_code'] > 6 then
             rspamd_logger.errx(task, '%s: Error Returned: %s',
@@ -196,7 +201,7 @@ local function oletools_check(task, content, digest, rule)
                 rule.log_prefix, result[2]['message'])
             oletools_requery(oletools_rc[result[3]['return_code']])
           elseif type(result[2]['analysis']) == 'table' and #result[2]['analysis'] == 0
-            and #result[2]['macros'] == 0 then
+              and #result[2]['macros'] == 0 then
             rspamd_logger.warnx(task, '%s: maybe unhandled python or oletools error', rule.log_prefix)
             common.yield_result(task, rule, 'oletools unhandled error', 0.0, 'fail')
           elseif type(result[2]['analysis']) ~= 'table' and #result[2]['macros'] == 0 then

src/plugins/lua/antivirus.lua

@@ -87,7 +87,6 @@ local function add_antivirus_rule(sym, opts)
   if not opts.symbol_fail then
     opts.symbol_fail = opts.symbol .. '_FAIL'
   end
-
   if not opts.symbol_encrypted then
     opts.symbol_encrypted = opts.symbol .. '_ENCRYPTED'
   end

src/plugins/lua/external_services.lua

@@ -136,8 +136,14 @@ local function add_scanner_rule(sym, opts)
 
   rule.type = opts.type
 
-  if not rule.symbol_fail then
-    rule.symbol_fail = opts.symbol .. '_FAIL'
+  if not opts.symbol_fail then
+    opts.symbol_fail = opts.symbol .. '_FAIL'
+  end
+  if not opts.symbol_encrypted then
+    opts.symbol_encrypted = opts.symbol .. '_ENCRYPTED'
+  end
+  if not opts.symbol_macro then
+    opts.symbol_macro = opts.symbol .. '_MACRO'
   end
 
   rule.redis_params = redis_params
@@ -215,12 +221,26 @@ if opts and type(opts) == 'table' then
         local id = rspamd_config:register_symbol(t)
 
         rspamd_config:register_symbol({
-          type = 'virtual,nostat',
+          type = 'virtual',
           name = m['symbol_fail'],
           parent = id,
           score = 0.0,
           group = N
         })
+        rspamd_config:register_symbol({
+          type = 'virtual',
+          name = m['symbol_encrypted'],
+          parent = id,
+          score = 0.0,
+          group = N
+        })
+        rspamd_config:register_symbol({
+          type = 'virtual',
+          name = m['symbol_macro'],
+          parent = id,
+          score = 0.0,
+          group = N
+        })
         has_valid = true
         if type(m['patterns']) == 'table' then
           if m['patterns'][1] then