mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17984 Commits
29 Branches
Tree: 53851cbe0f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '53851cbe0f'
${ noResults }
rspamd/lualib/lua_scanners/vadesecure.lua

vadesecure.lua 9.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348 
  1. --[[

  2. Copyright (c) 2019, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[[

  18. -- @module vadesecure

  19. -- This module contains Vadesecure Filterd interface

  20. --]]

  21. 

  22. local lua_util = require "lua_util"

  23. local http = require "rspamd_http"

  24. local upstream_list = require "rspamd_upstream_list"

  25. local rspamd_logger = require "rspamd_logger"

  26. local ucl = require "ucl"

  27. local common = require "lua_scanners/common"

  28. 

  29. local N = 'vadesecure'

  30. 

  31. local function vade_config(opts)

  32. 

  33.   local vade_conf = {

  34.     name = N,

  35.     default_port = 23808,

  36.     url = '/api/v1/scan',

  37.     use_https = false,

  38.     timeout = 5.0,

  39.     log_clean = false,

  40.     retransmits = 1,

  41.     cache_expire = 7200, -- expire redis in 2h

  42.     message = '${SCANNER}: spam message found: "${VIRUS}"',

  43.     detection_category = "hash",

  44.     default_score = 1,

  45.     action = false,

  46.     log_spamcause = true,

  47.     symbol_fail = 'VADE_FAIL',

  48.     symbol = 'VADE_CHECK',

  49.     settings_outbound = nil, -- Set when there is a settings id for outbound messages

  50.     symbols = {

  51.       clean = {

  52.         symbol = 'VADE_CLEAN',

  53.         score = -0.5,

  54.         description = 'VadeSecure decided message to be clean'

  55.       },

  56.       spam = {

  57.         high = {

  58.           symbol = 'VADE_SPAM_HIGH',

  59.           score = 8.0,

  60.           description = 'VadeSecure decided message to be clearly spam'

  61.         },

  62.         medium = {

  63.           symbol = 'VADE_SPAM_MEDIUM',

  64.           score = 5.0,

  65.           description = 'VadeSecure decided message to be highly likely spam'

  66.         },

  67.         low = {

  68.           symbol = 'VADE_SPAM_LOW',

  69.           score = 2.0,

  70.           description = 'VadeSecure decided message to be likely spam'

  71.         },

  72.       },

  73.       malware = {

  74.         symbol = 'VADE_MALWARE',

  75.         score = 8.0,

  76.         description = 'VadeSecure decided message to be malware'

  77.       },

  78.       scam = {

  79.         symbol = 'VADE_SCAM',

  80.         score = 7.0,

  81.         description = 'VadeSecure decided message to be scam'

  82.       },

  83.       phishing = {

  84.         symbol = 'VADE_PHISHING',

  85.         score = 8.0,

  86.         description = 'VadeSecure decided message to be phishing'

  87.       },

  88.       commercial =  {

  89.         symbol = 'VADE_COMMERCIAL',

  90.         score = 0.0,

  91.         description = 'VadeSecure decided message to be commercial message'

  92.       },

  93.       community =  {

  94.         symbol = 'VADE_COMMUNITY',

  95.         score = 0.0,

  96.         description = 'VadeSecure decided message to be community message'

  97.       },

  98.       transactional =  {

  99.         symbol = 'VADE_TRANSACTIONAL',

  100.         score = 0.0,

  101.         description = 'VadeSecure decided message to be transactional message'

  102.       },

  103.       suspect = {

  104.         symbol = 'VADE_SUSPECT',

  105.         score = 3.0,

  106.         description = 'VadeSecure decided message to be suspicious message'

  107.       },

  108.       bounce = {

  109.         symbol = 'VADE_BOUNCE',

  110.         score = 0.0,

  111.         description = 'VadeSecure decided message to be bounce message'

  112.       },

  113.       other = 'VADE_OTHER',

  114.     }

  115.   }

  116. 

  117.   vade_conf = lua_util.override_defaults(vade_conf, opts)

  118. 

  119.   if not vade_conf.prefix then

  120.     vade_conf.prefix = 'rs_' .. vade_conf.name .. '_'

  121.   end

  122. 

  123.   if not vade_conf.log_prefix then

  124.     if vade_conf.name:lower() == vade_conf.type:lower() then

  125.       vade_conf.log_prefix = vade_conf.name

  126.     else

  127.       vade_conf.log_prefix = vade_conf.name .. ' (' .. vade_conf.type .. ')'

  128.     end

  129.   end

  130. 

  131.   if not vade_conf.servers and vade_conf.socket then

  132.     vade_conf.servers = vade_conf.socket

  133.   end

  134. 

  135.   if not vade_conf.servers then

  136.     rspamd_logger.errx(rspamd_config, 'no servers defined')

  137. 

  138.     return nil

  139.   end

  140. 

  141.   vade_conf.upstreams = upstream_list.create(rspamd_config,

  142.       vade_conf.servers,

  143.       vade_conf.default_port)

  144. 

  145.   if vade_conf.upstreams then

  146.     lua_util.add_debug_alias('external_services', vade_conf.name)

  147.     return vade_conf

  148.   end

  149. 

  150.   rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',

  151.       vade_conf['servers'])

  152.   return nil

  153. end

  154. 

  155. local function vade_check(task, content, digest, rule)

  156.   local function vade_check_uncached()

  157.     local function vade_url(addr)

  158.       local url

  159.       if rule.use_https then

  160.         url = string.format('https://%s:%d%s', tostring(addr),

  161.             rule.default_port, rule.url)

  162.       else

  163.         url = string.format('http://%s:%d%s', tostring(addr),

  164.             rule.default_port, rule.url)

  165.       end

  166. 

  167.       return url

  168.     end

  169. 

  170.     local upstream = rule.upstreams:get_upstream_round_robin()

  171.     local addr = upstream:get_addr()

  172.     local retransmits = rule.retransmits

  173. 

  174.     local url = vade_url(addr)

  175.     local hdrs = {}

  176. 

  177.     local helo = task:get_helo()

  178.     if helo then

  179.       hdrs['X-Helo'] = helo

  180.     end

  181.     local mail_from = task:get_from('smtp') or {}

  182.     if mail_from[1] and #mail_from[1].addr > 1 then

  183.       hdrs['X-Mailfrom'] = mail_from[1].addr

  184.     end

  185. 

  186.     local rcpt_to = task:get_recipients('smtp')

  187.     if rcpt_to then

  188.       hdrs['X-Rcptto'] = {}

  189.       for _, r in ipairs(rcpt_to) do

  190.         table.insert(hdrs['X-Rcptto'], r.addr)

  191.       end

  192.     end

  193. 

  194.     local fip = task:get_from_ip()

  195.     if fip and fip:is_valid() then

  196.       hdrs['X-Inet'] = tostring(fip)

  197.     end

  198. 

  199.     if rule.settings_outbound then

  200.       local settings_id = task:get_settings_id()

  201. 

  202.       if settings_id then

  203.         local lua_settings = require "lua_settings"

  204.         -- Convert to string

  205.         settings_id = lua_settings.settings_by_id(settings_id)

  206. 

  207.         if settings_id then

  208.           settings_id = settings_id.name or ''

  209. 

  210.           if settings_id == rule.settings_outbound then

  211.             lua_util.debugm(rule.name, task, '%s settings has matched outbound',

  212.                 settings_id)

  213.             hdrs['X-Params'] = 'mode=smtpout'

  214.           end

  215.         end

  216.       end

  217.     end

  218. 

  219.     local request_data = {

  220.       task = task,

  221.       url = url,

  222.       body = task:get_content(),

  223.       headers = hdrs,

  224.       timeout = rule.timeout,

  225.     }

  226. 

  227.     local function vade_callback(http_err, code, body, headers)

  228. 

  229.       local function vade_requery()

  230.         -- set current upstream to fail because an error occurred

  231.         upstream:fail()

  232. 

  233.         -- retry with another upstream until retransmits exceeds

  234.         if retransmits > 0 then

  235. 

  236.           retransmits = retransmits - 1

  237. 

  238.           lua_util.debugm(rule.name, task,

  239.               '%s: Request Error: %s - retries left: %s',

  240.               rule.log_prefix, http_err, retransmits)

  241. 

  242.           -- Select a different upstream!

  243.           upstream = rule.upstreams:get_upstream_round_robin()

  244.           addr = upstream:get_addr()

  245.           url = vade_url(addr)

  246. 

  247.           lua_util.debugm(rule.name, task, '%s: retry IP: %s:%s',

  248.               rule.log_prefix, addr, addr:get_port())

  249.           request_data.url = url

  250. 

  251.           http.request(request_data)

  252.         else

  253.           rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits '..

  254.               'exceed', rule.log_prefix)

  255.           task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and '..

  256.               'retransmits exceed')

  257.         end

  258.       end

  259. 

  260.       if http_err then

  261.         vade_requery()

  262.       else

  263.         -- Parse the response

  264.         if upstream then upstream:ok() end

  265.         if code ~= 200 then

  266.           rspamd_logger.errx(task, 'invalid HTTP code: %s, body: %s, headers: %s', code, body, headers)

  267.           task:insert_result(rule.symbol_fail, 1.0, 'Bad HTTP code: ' .. code)

  268.           return

  269.         end

  270.         local parser = ucl.parser()

  271.         local ret, err = parser:parse_string(body)

  272.         if not ret then

  273.           rspamd_logger.errx(task, 'vade: bad response body (raw): %s', body)

  274.           task:insert_result(rule.symbol_fail, 1.0, 'Parser error: ' .. err)

  275.           return

  276.         end

  277.         local obj = parser:get_object()

  278.         local verdict = obj.verdict

  279.         if not verdict then

  280.           rspamd_logger.errx(task, 'vade: bad response JSON (no verdict): %s', obj)

  281.           task:insert_result(rule.symbol_fail, 1.0, 'No verdict/unknown verdict')

  282.           return

  283.         end

  284.         local vparts = lua_util.str_split(verdict, ":")

  285.         verdict = table.remove(vparts, 1) or verdict

  286. 

  287.         local sym = rule.symbols[verdict]

  288.         if not sym then

  289.           sym = rule.symbols.other

  290.         end

  291. 

  292.         if not sym.symbol then

  293.           -- Subcategory match

  294.           local lvl = 'low'

  295.           if vparts and vparts[1] then

  296.             lvl = vparts[1]

  297.           end

  298. 

  299.           if sym[lvl] then

  300.             sym = sym[lvl]

  301.           else

  302.             sym = rule.symbols.other

  303.           end

  304.         end

  305. 

  306.         local opts = {}

  307.         if obj.score then

  308.           table.insert(opts, 'score=' .. obj.score)

  309.         end

  310.         if obj.elapsed then

  311.           table.insert(opts, 'elapsed=' .. obj.elapsed)

  312.         end

  313. 

  314.         if rule.log_spamcause and obj.spamcause then

  315.           rspamd_logger.infox(task, 'vadesecure verdict="%s", score=%s, spamcause="%s", message-id="%s"',

  316.               verdict, obj.score, obj.spamcause, task:get_message_id())

  317.         else

  318.           lua_util.debugm(rule.name, task, 'vadesecure returned verdict="%s", score=%s, spamcause="%s"',

  319.               verdict, obj.score, obj.spamcause)

  320.         end

  321. 

  322.         if #vparts > 0 then

  323.           table.insert(opts, 'verdict=' .. verdict .. ';' .. table.concat(vparts, ':'))

  324.         end

  325. 

  326.         task:insert_result(sym.symbol, 1.0, opts)

  327.       end

  328.     end

  329. 

  330.     request_data.callback = vade_callback

  331.     http.request(request_data)

  332.   end

  333. 

  334.   if common.condition_check_and_continue(task, content, rule, digest, vade_check_uncached) then

  335.     return

  336.   else

  337.     vade_check_uncached()

  338.   end

  339. 

  340. end

  341. 

  342. return {

  343.   type = {'vadesecure', 'scanner'},

  344.   description = 'VadeSecure Filterd interface',

  345.   configure = vade_config,

  346.   check = vade_check,

  347.   name = N

  348. }