mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19741 Commits
28 Branches
Tree: 05fd471df5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '05fd471df5'
${ noResults }
rspamd/src/plugins/lua/external_services.lua

external_services.lua 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. Copyright (c) 2019, Carsten Rosenberg <c.rosenberg@heinlein-support.de>

  4. 

  5. Licensed under the Apache License, Version 2.0 (the "License");

  6. you may not use this file except in compliance with the License.

  7. You may obtain a copy of the License at

  8. 

  9.     http://www.apache.org/licenses/LICENSE-2.0

  10. 

  11. Unless required by applicable law or agreed to in writing, software

  12. distributed under the License is distributed on an "AS IS" BASIS,

  13. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14. See the License for the specific language governing permissions and

  15. limitations under the License.

  16. ]] --

  17. 

  18. local rspamd_logger = require "rspamd_logger"

  19. local lua_util = require "lua_util"

  20. local lua_redis = require "lua_redis"

  21. local fun = require "fun"

  22. local lua_scanners = require("lua_scanners").filter('scanner')

  23. local common = require "lua_scanners/common"

  24. local redis_params

  25. 

  26. local N = "external_services"

  27. 

  28. if confighelp then

  29.   rspamd_config:add_example(nil, 'external_services',

  30.     "Check messages using external services (e.g. OEM AS engines, DCC, Pyzor etc)",

  31.     [[

  32. external_services {

  33.   # multiple scanners could be checked, for each we create a configuration block with an arbitrary name

  34. 

  35.   oletools {

  36.     # If set force this action if any virus is found (default unset: no action is forced)

  37.     # action = "reject";

  38.     # If set, then rejection message is set to this value (mention single quotes)

  39.     # If `max_size` is set, messages > n bytes in size are not scanned

  40.     # max_size = 20000000;

  41.     # log_clean = true;

  42.     # servers = "127.0.0.1:10050";

  43.     # cache_expire = 86400;

  44.     # scan_mime_parts = true;

  45.     # extended = false;

  46.     # if `patterns` is specified virus name will be matched against provided regexes and the related

  47.     # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.

  48.     patterns {

  49.       # symbol_name = "pattern";

  50.       JUST_EICAR = "^Eicar-Test-Signature$";

  51.     }

  52.     # mime-part regex matching in content-type or filename

  53.     mime_parts_filter_regex {

  54.       #GEN1 = "application\/octet-stream";

  55.       DOC2 = "application\/msword";

  56.       DOC3 = "application\/vnd\.ms-word.*";

  57.       XLS = "application\/vnd\.ms-excel.*";

  58.       PPT = "application\/vnd\.ms-powerpoint.*";

  59.       GEN2 = "application\/vnd\.openxmlformats-officedocument.*";

  60.     }

  61.     # Mime-Part filename extension matching (no regex)

  62.     mime_parts_filter_ext {

  63.       doc = "doc";

  64.       dot = "dot";

  65.       docx = "docx";

  66.       dotx = "dotx";

  67.       docm = "docm";

  68.       dotm = "dotm";

  69.       xls = "xls";

  70.       xlt = "xlt";

  71.       xla = "xla";

  72.       xlsx = "xlsx";

  73.       xltx = "xltx";

  74.       xlsm = "xlsm";

  75.       xltm = "xltm";

  76.       xlam = "xlam";

  77.       xlsb = "xlsb";

  78.       ppt = "ppt";

  79.       pot = "pot";

  80.       pps = "pps";

  81.       ppa = "ppa";

  82.       pptx = "pptx";

  83.       potx = "potx";

  84.       ppsx = "ppsx";

  85.       ppam = "ppam";

  86.       pptm = "pptm";

  87.       potm = "potm";

  88.       ppsm = "ppsm";

  89.     }

  90.     # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.

  91.     whitelist = "/etc/rspamd/antivirus.wl";

  92.   }

  93.   dcc {

  94.     # If set force this action if any virus is found (default unset: no action is forced)

  95.     # action = "reject";

  96.     # If set, then rejection message is set to this value (mention single quotes)

  97.     # If `max_size` is set, messages > n bytes in size are not scanned

  98.     max_size = 20000000;

  99.     #servers = "127.0.0.1:10045;

  100.     # if `patterns` is specified virus name will be matched against provided regexes and the related

  101.     # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.

  102.     patterns {

  103.       # symbol_name = "pattern";

  104.       JUST_EICAR = "^Eicar-Test-Signature$";

  105.     }

  106.     # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.

  107.     whitelist = "/etc/rspamd/antivirus.wl";

  108.   }

  109. }

  110. ]])

  111.   return

  112. end

  113. 

  114. 

  115. local function add_scanner_rule(sym, opts)

  116.   if not opts.type then

  117.     rspamd_logger.errx(rspamd_config, 'unknown type for external scanner rule %s', sym)

  118.     return nil

  119.   end

  120. 

  121.   local cfg = lua_scanners[opts.type]

  122. 

  123.   if not cfg then

  124.     rspamd_logger.errx(rspamd_config, 'unknown external scanner type: %s',

  125.         opts.type)

  126.     return nil

  127.   end

  128. 

  129.   local rule = cfg.configure(opts)

  130. 

  131.   if not rule then

  132.     rspamd_logger.errx(rspamd_config, 'cannot configure %s for %s',

  133.       opts.type, rule.symbol or sym:upper())

  134.     return nil

  135.   end

  136. 

  137.   rule.type = opts.type

  138.   -- Fill missing symbols

  139.   if not rule.symbol then

  140.     rule.symbol = sym:upper()

  141.   end

  142.   if not rule.symbol_fail then

  143.     rule.symbol_fail = rule.symbol .. '_FAIL'

  144.   end

  145.   if not rule.symbol_encrypted then

  146.     rule.symbol_encrypted = rule.symbol .. '_ENCRYPTED'

  147.   end

  148.   if not rule.symbol_macro then

  149.     rule.symbol_macro = rule.symbol .. '_MACRO'

  150.   end

  151. 

  152.   rule.redis_params = redis_params

  153. 

  154.   lua_redis.register_prefix(rule.prefix .. '_*', N,

  155.       string.format('External services cache for rule "%s"',

  156.           rule.type), {

  157.         type = 'string',

  158.       })

  159. 

  160.   -- if any mime_part filter defined, do not scan all attachments

  161.   if opts.mime_parts_filter_regex ~= nil

  162.       or opts.mime_parts_filter_ext ~= nil then

  163.     rule.scan_all_mime_parts = false

  164.   else

  165.     rule.scan_all_mime_parts = true

  166.   end

  167. 

  168.   rule.patterns = common.create_regex_table(opts.patterns or {})

  169.   rule.patterns_fail = common.create_regex_table(opts.patterns_fail or {})

  170. 

  171.   rule.mime_parts_filter_regex = common.create_regex_table(opts.mime_parts_filter_regex or {})

  172. 

  173.   rule.mime_parts_filter_ext = common.create_regex_table(opts.mime_parts_filter_ext or {})

  174. 

  175.   if opts.whitelist then

  176.     rule.whitelist = rspamd_config:add_hash_map(opts.whitelist)

  177.   end

  178. 

  179.   local function scan_cb(task)

  180.     if rule.scan_mime_parts then

  181. 

  182.       fun.each(function(p)

  183.         local content = p:get_content()

  184.         if content and #content > 0 then

  185.           cfg.check(task, content, p:get_digest(), rule)

  186.         end

  187.       end, common.check_parts_match(task, rule))

  188. 

  189.     else

  190.       cfg.check(task, task:get_content(), task:get_digest(), rule)

  191.     end

  192.   end

  193. 

  194.   rspamd_logger.infox(rspamd_config, 'registered external services rule: symbol %s; type %s',

  195.       rule.symbol, rule.type)

  196. 

  197.   return scan_cb, rule

  198. end

  199. 

  200. -- Registration

  201. local opts = rspamd_config:get_all_opt(N)

  202. if opts and type(opts) == 'table' then

  203.   redis_params = lua_redis.parse_redis_server(N)

  204.   local has_valid = false

  205.   for k, m in pairs(opts) do

  206.     if type(m) == 'table' and m.servers then

  207.       if not m.type then m.type = k end

  208.       if not m.name then m.name = k end

  209.       local cb, nrule = add_scanner_rule(k, m)

  210. 

  211.       if not cb then

  212.         rspamd_logger.errx(rspamd_config, 'cannot add rule: "' .. k .. '"')

  213.       else

  214.         m = nrule

  215. 

  216.         local t = {

  217.           name = m.symbol,

  218.           callback = cb,

  219.           score = 0.0,

  220.           group = N

  221.         }

  222. 

  223.         if m.symbol_type == 'postfilter' then

  224.           t.type = 'postfilter'

  225.           t.priority = lua_util.symbols_priorities.medium

  226.         else

  227.           t.type = 'normal'

  228.         end

  229. 

  230.         t.augmentations = {}

  231. 

  232.         if type(m.timeout) == 'number' then

  233.           -- Here, we ignore possible DNS timeout and timeout from multiple retries

  234.           -- as these situations are not usual nor likely for the external_services module

  235.           table.insert(t.augmentations, string.format("timeout=%f", m.timeout))

  236.         end

  237. 

  238.         local id = rspamd_config:register_symbol(t)

  239. 

  240.         if m.symbol_fail then

  241.           rspamd_config:register_symbol({

  242.             type = 'virtual',

  243.             name = m['symbol_fail'],

  244.             parent = id,

  245.             score = 0.0,

  246.             group = N

  247.           })

  248.         end

  249. 

  250.         if m.symbol_encrypted then

  251.           rspamd_config:register_symbol({

  252.             type = 'virtual',

  253.             name = m['symbol_encrypted'],

  254.             parent = id,

  255.             score = 0.0,

  256.             group = N

  257.           })

  258.         end

  259.         if m.symbol_macro then

  260.           rspamd_config:register_symbol({

  261.             type = 'virtual',

  262.             name = m['symbol_macro'],

  263.             parent = id,

  264.             score = 0.0,

  265.             group = N

  266.           })

  267.         end

  268.         has_valid = true

  269.         if type(m['patterns']) == 'table' then

  270.           if m['patterns'][1] then

  271.             for _, p in ipairs(m['patterns']) do

  272.               if type(p) == 'table' then

  273.                 for sym in pairs(p) do

  274.                   rspamd_logger.debugm(N, rspamd_config, 'registering: %1', {

  275.                     type = 'virtual',

  276.                     name = sym,

  277.                     parent = m['symbol'],

  278.                     parent_id = id,

  279.                   })

  280.                   rspamd_config:register_symbol({

  281.                     type = 'virtual',

  282.                     name = sym,

  283.                     parent = id,

  284.                     score = 0.0,

  285.                     group = N

  286.                   })

  287.                 end

  288.               end

  289.             end

  290.           else

  291.             for sym in pairs(m['patterns']) do

  292.               rspamd_config:register_symbol({

  293.                 type = 'virtual',

  294.                 name = sym,

  295.                 parent = id,

  296.                 score = 0.0,

  297.                 group = N

  298.               })

  299.             end

  300.           end

  301.         end

  302.         if type(m['patterns_fail']) == 'table' then

  303.           if m['patterns_fail'][1] then

  304.             for _, p in ipairs(m['patterns_fail']) do

  305.               if type(p) == 'table' then

  306.                 for sym in pairs(p) do

  307.                   rspamd_logger.debugm(N, rspamd_config, 'registering: %1', {

  308.                     type = 'virtual',

  309.                     name = sym,

  310.                     parent = m['symbol'],

  311.                     parent_id = id,

  312.                   })

  313.                   rspamd_config:register_symbol({

  314.                     type = 'virtual',

  315.                     name = sym,

  316.                     parent = id,

  317.                     score = 0.0,

  318.                     group = N

  319.                   })

  320.                 end

  321.               end

  322.             end

  323.           else

  324.             for sym in pairs(m['patterns_fail']) do

  325.               rspamd_config:register_symbol({

  326.                 type = 'virtual',

  327.                 name = sym,

  328.                 parent = id,

  329.                 score = 0.0,

  330.                 group = N

  331.               })

  332.             end

  333.           end

  334.         end

  335.         if m.symbols then

  336.           local function reg_symbols(tbl)

  337.             for _,sym in pairs(tbl) do

  338.               if type(sym) == 'string' then

  339.                 rspamd_config:register_symbol({

  340.                   type = 'virtual',

  341.                   name = sym,

  342.                   parent = id,

  343.                   group = N

  344.                 })

  345.               elseif type(sym) == 'table' then

  346.                 if sym.symbol then

  347.                   rspamd_config:register_symbol({

  348.                     type = 'virtual',

  349.                     name = sym.symbol,

  350.                     parent = id,

  351.                     group = N

  352.                   })

  353. 

  354.                   if sym.score then

  355.                     rspamd_config:set_metric_symbol({

  356.                       name = sym.symbol,

  357.                       score = sym.score,

  358.                       description = sym.description,

  359.                       group = sym.group or N,

  360.                     })

  361.                   end

  362.                 else

  363.                   reg_symbols(sym)

  364.                 end

  365.               end

  366.             end

  367.           end

  368. 

  369.           reg_symbols(m.symbols)

  370.         end

  371. 

  372.         if m['score'] then

  373.           -- Register metric symbol

  374.           local description = 'external services symbol'

  375.           local group = N

  376.           if m['description'] then

  377.             description = m['description']

  378.           end

  379.           if m['group'] then

  380.             group = m['group']

  381.           end

  382.           rspamd_config:set_metric_symbol({

  383.             name = m['symbol'],

  384.             score = m['score'],

  385.             description = description,

  386.             group = group

  387.           })

  388.         end

  389. 

  390.         -- Add preloads if a module requires that

  391.         if type(m.preloads) == 'table' then

  392.           for _,preload in ipairs(m.preloads) do

  393.             rspamd_config:add_on_load(function(cfg, ev_base, worker)

  394.               preload(m, cfg, ev_base, worker)

  395.             end)

  396.           end

  397.         end

  398.       end

  399.     end

  400.   end

  401. 

  402.   if not has_valid then

  403.     lua_util.disable_module(N, 'config')

  404.   end

  405. end