mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21266 Commits
29 Branches
Tree: 90b73439d2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '90b73439d2'
${ noResults }
rspamd/lualib/lua_scanners/clamav.lua

clamav.lua 6.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[[

  18. -- @module clamav

  19. -- This module contains clamav access functions

  20. --]]

  21. 

  22. local lua_util = require "lua_util"

  23. local tcp = require "rspamd_tcp"

  24. local upstream_list = require "rspamd_upstream_list"

  25. local rspamd_util = require "rspamd_util"

  26. local rspamd_logger = require "rspamd_logger"

  27. local common = require "lua_scanners/common"

  28. 

  29. local N = "clamav"

  30. 

  31. local default_message = '${SCANNER}: virus found: "${VIRUS}"'

  32. 

  33. local function clamav_config(opts)

  34.   local clamav_conf = {

  35.     name = N,

  36.     scan_mime_parts = true,

  37.     scan_text_mime = false,

  38.     scan_image_mime = false,

  39.     default_port = 3310,

  40.     log_clean = false,

  41.     timeout = 5.0, -- FIXME: this will break task_timeout!

  42.     detection_category = "virus",

  43.     retransmits = 2,

  44.     cache_expire = 3600, -- expire redis in one hour

  45.     message = default_message,

  46.   }

  47. 

  48.   clamav_conf = lua_util.override_defaults(clamav_conf, opts)

  49. 

  50.   if not clamav_conf.prefix then

  51.     clamav_conf.prefix = 'rs_' .. clamav_conf.name .. '_'

  52.   end

  53. 

  54.   if not clamav_conf.log_prefix then

  55.     if clamav_conf.name:lower() == clamav_conf.type:lower() then

  56.       clamav_conf.log_prefix = clamav_conf.name

  57.     else

  58.       clamav_conf.log_prefix = clamav_conf.name .. ' (' .. clamav_conf.type .. ')'

  59.     end

  60.   end

  61. 

  62.   if not clamav_conf['servers'] then

  63.     rspamd_logger.errx(rspamd_config, 'no servers defined')

  64. 

  65.     return nil

  66.   end

  67. 

  68.   clamav_conf['upstreams'] = upstream_list.create(rspamd_config,

  69.       clamav_conf['servers'],

  70.       clamav_conf.default_port)

  71. 

  72.   if clamav_conf['upstreams'] then

  73.     lua_util.add_debug_alias('antivirus', clamav_conf.name)

  74.     return clamav_conf

  75.   end

  76. 

  77.   rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',

  78.       clamav_conf['servers'])

  79.   return nil

  80. end

  81. 

  82. local function clamav_check(task, content, digest, rule, maybe_part)

  83.   local function clamav_check_uncached ()

  84.     local upstream = rule.upstreams:get_upstream_round_robin()

  85.     local addr = upstream:get_addr()

  86.     local retransmits = rule.retransmits

  87.     local header = rspamd_util.pack("c9 c1 >I4", "zINSTREAM", "\0",

  88.         #content)

  89.     local footer = rspamd_util.pack(">I4", 0)

  90. 

  91.     local function clamav_callback(err, data)

  92.       if err then

  93. 

  94.         -- retry with another upstream until retransmits exceeds

  95.         if retransmits > 0 then

  96. 

  97.           retransmits = retransmits - 1

  98. 

  99.           -- Select a different upstream!

  100.           upstream = rule.upstreams:get_upstream_round_robin()

  101.           addr = upstream:get_addr()

  102. 

  103.           lua_util.debugm(rule.name, task, '%s: error: %s; retry IP: %s; retries left: %s',

  104.               rule.log_prefix, err, addr, retransmits)

  105. 

  106.           tcp.request({

  107.             task = task,

  108.             host = addr:to_string(),

  109.             port = addr:get_port(),

  110.             upstream = upstream,

  111.             timeout = rule['timeout'],

  112.             callback = clamav_callback,

  113.             data = { header, content, footer },

  114.             stop_pattern = '\0'

  115.           })

  116.         else

  117.           rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits exceed', rule.log_prefix)

  118.           common.yield_result(task, rule,

  119.               'failed to scan and retransmits exceed', 0.0, 'fail',

  120.               maybe_part)

  121.         end

  122. 

  123.       else

  124.         data = tostring(data)

  125.         local cached

  126.         lua_util.debugm(rule.name, task, '%s: got reply: %s',

  127.             rule.log_prefix, data)

  128.         if data == 'stream: OK' then

  129.           cached = 'OK'

  130.           if rule['log_clean'] then

  131.             rspamd_logger.infox(task, '%s: message or mime_part is clean',

  132.                 rule.log_prefix)

  133.           else

  134.             lua_util.debugm(rule.name, task, '%s: message or mime_part is clean', rule.log_prefix)

  135.           end

  136.         else

  137.           local vname = string.match(data, 'stream: (.+) FOUND')

  138.           if string.find(vname, '^Heuristics%.Encrypted') then

  139.             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)

  140.             common.yield_result(task, rule, 'File is encrypted: ' .. vname,

  141.                 0.0, 'encrypted', maybe_part)

  142.             cached = 'ENCRYPTED'

  143.           elseif string.find(vname, '^Heuristics%.OLE2%.ContainsMacros') then

  144.             rspamd_logger.errx(task, '%s: ClamAV Found an OLE2 Office Macro', rule.log_prefix)

  145.             common.yield_result(task, rule, vname, 0.0, 'macro', maybe_part)

  146.             cached = 'MACRO'

  147.           elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then

  148.             rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix)

  149.             common.yield_result(task, rule, 'Limits Exceeded: ' .. vname, 0.0,

  150.                 'fail', maybe_part)

  151.           elseif vname then

  152.             common.yield_result(task, rule, vname, 1.0, nil, maybe_part)

  153.             cached = vname

  154.           else

  155.             rspamd_logger.errx(task, '%s: unhandled response: %s', rule.log_prefix, data)

  156.             common.yield_result(task, rule, 'unhandled response:' .. vname, 0.0,

  157.                 'fail', maybe_part)

  158.           end

  159.         end

  160.         if cached then

  161.           common.save_cache(task, digest, rule, cached, 1.0, maybe_part)

  162.         end

  163.       end

  164.     end

  165. 

  166.     tcp.request({

  167.       task = task,

  168.       host = addr:to_string(),

  169.       port = addr:get_port(),

  170.       timeout = rule['timeout'],

  171.       callback = clamav_callback,

  172.       upstream = upstream,

  173.       data = { header, content, footer },

  174.       stop_pattern = '\0'

  175.     })

  176.   end

  177. 

  178.   if common.condition_check_and_continue(task, content, rule, digest,

  179.       clamav_check_uncached, maybe_part) then

  180.     return

  181.   else

  182.     clamav_check_uncached()

  183.   end

  184. 

  185. end

  186. 

  187. return {

  188.   type = 'antivirus',

  189.   description = 'clamav antivirus',

  190.   configure = clamav_config,

  191.   check = clamav_check,

  192.   name = N

  193. }