mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21148 Commits
28 Branches
Tree: 94b74c48e4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '94b74c48e4'
${ noResults }
rspamd/lualib/lua_scanners/pyzor.lua

pyzor.lua 6.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215 
  1. --[[

  2. Copyright (c) 2021, defkev <defkev@gmail.com>

  3. Copyright (c) 2018, Carsten Rosenberg <c.rosenberg@heinlein-support.de>

  4. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  5. 

  6. Licensed under the Apache License, Version 2.0 (the "License");

  7. you may not use this file except in compliance with the License.

  8. You may obtain a copy of the License at

  9. 

  10.     http://www.apache.org/licenses/LICENSE-2.0

  11. 

  12. Unless required by applicable law or agreed to in writing, software

  13. distributed under the License is distributed on an "AS IS" BASIS,

  14. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  15. See the License for the specific language governing permissions and

  16. limitations under the License.

  17. ]]--

  18. 

  19. --[[[

  20. -- @module pyzor

  21. -- This module contains pyzor access functions

  22. --]]

  23. 

  24. local lua_util = require "lua_util"

  25. local tcp = require "rspamd_tcp"

  26. local upstream_list = require "rspamd_upstream_list"

  27. local rspamd_logger = require "rspamd_logger"

  28. local common = require "lua_scanners/common"

  29. 

  30. local N = 'pyzor'

  31. local categories = { 'pyzor', 'bulk', 'hash', 'scanner' }

  32. 

  33. local function pyzor_config(opts)

  34. 

  35.   local pyzor_conf = {

  36.     text_part_min_words = 2,

  37.     default_port = 5953,

  38.     timeout = 15.0,

  39.     log_clean = false,

  40.     retransmits = 2,

  41.     detection_category = "hash",

  42.     cache_expire = 7200, -- expire redis in one hour

  43.     message = '${SCANNER}: Pyzor bulk message found: "${VIRUS}"',

  44.     default_score = 1.5,

  45.     action = false,

  46.     min_threshold = 0, -- zero score if whitelist+report count smaller than this

  47.     halfscore_threshold = 0, -- half score if whitelist+report count smaller than this

  48.   }

  49. 

  50.   pyzor_conf = lua_util.override_defaults(pyzor_conf, opts)

  51. 

  52.   if not pyzor_conf.prefix then

  53.     pyzor_conf.prefix = 'rext_' .. N .. '_'

  54.   end

  55. 

  56.   if not pyzor_conf.log_prefix then

  57.     pyzor_conf.log_prefix = N .. ' (' .. pyzor_conf.detection_category .. ')'

  58.   end

  59. 

  60.   if not pyzor_conf['servers'] then

  61.     rspamd_logger.errx(rspamd_config, 'no servers defined')

  62. 

  63.     return nil

  64.   end

  65. 

  66.   pyzor_conf['upstreams'] = upstream_list.create(rspamd_config,

  67.       pyzor_conf['servers'],

  68.       pyzor_conf.default_port)

  69. 

  70.   if pyzor_conf['upstreams'] then

  71.     lua_util.add_debug_alias('external_services', N)

  72.     return pyzor_conf

  73.   end

  74. 

  75.   rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',

  76.       pyzor_conf['servers'])

  77.   return nil

  78. end

  79. 

  80. local function pyzor_check(task, content, digest, rule)

  81.   local function pyzor_check_uncached ()

  82.     local upstream = rule.upstreams:get_upstream_round_robin()

  83.     local addr = upstream:get_addr()

  84.     local retransmits = rule.retransmits

  85. 

  86.     local function pyzor_callback(err, data, conn)

  87. 

  88.       if err then

  89. 

  90.         -- retry with another upstream until retransmits exceeds

  91.         if retransmits > 0 then

  92. 

  93.           retransmits = retransmits - 1

  94. 

  95.           -- Select a different upstream!

  96.           upstream = rule.upstreams:get_upstream_round_robin()

  97.           addr = upstream:get_addr()

  98. 

  99.           lua_util.debugm(N, task, '%s: retry IP: %s:%s err: %s',

  100.               rule.log_prefix, addr, addr:get_port(), err)

  101. 

  102.           tcp.request({

  103.             task = task,

  104.             host = addr:to_string(),

  105.             port = addr:get_port(),

  106.             upstream = upstream,

  107.             timeout = rule['timeout'],

  108.             shutdown = true,

  109.             data = content,

  110.             callback = pyzor_callback,

  111.           })

  112.         else

  113.           rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits exceed',

  114.               rule['symbol'], rule['type'])

  115.           task:insert_result(rule['symbol_fail'], 0.0,

  116.               'failed to scan and retransmits exceed')

  117.         end

  118.       else

  119.         -- pyzor output is unicode (\x09 -> tab, \0a -> newline)

  120.         --   public.pyzor.org:24441  (200, 'OK')     21285091   206759

  121.         --   server:port             Code  Diag      Count      WL-Count

  122.         local str_data = tostring(data)

  123.         lua_util.debugm(N, task, '%s: returned data: %s',

  124.             rule.log_prefix, str_data)

  125.         -- If pyzor would return JSON this wouldn't be necessary

  126.         local resp = {}

  127.         for v in string.gmatch(str_data, '[^\t]+') do

  128.           table.insert(resp, v)

  129.         end

  130.         -- rspamd_logger.infox(task, 'resp: %s', resp)

  131.         if resp[2] ~= [[(200, 'OK')]] then

  132.           rspamd_logger.errx(task, "error parsing response: %s", str_data)

  133.           return

  134.         end

  135. 

  136.         local whitelisted = tonumber(resp[4])

  137.         local reported = tonumber(resp[3])

  138. 

  139.         --rspamd_logger.infox(task, "%s - count=%s wl=%s", addr:to_string(), reported, whitelisted)

  140. 

  141.         --[[

  142.         Weight is Count - WL-Count of rule.default_score in percent, e.g.

  143.         SPAM:

  144.           Count: 100 (100%)

  145.           WL-Count: 1 (1%)

  146.           rule.default_score: 1

  147.           Weight: 0.99

  148.         HAM:

  149.           Count: 10 (100%)

  150.           WL-Count: 10 (100%)

  151.           rule.default_score: 1

  152.           Weight: 0

  153.         ]]

  154.         local weight = 0

  155.         local total = reported + whitelisted

  156.         if total > rule.min_threshold and total > 0 then

  157.           weight = tonumber(string.format("%.2f",

  158.               rule.default_score * (reported - whitelisted) / total))

  159.           if total < rule.halfscore_threshold then

  160.             weight = tonumber(string.format("%.2f", weight / 2))

  161.           end

  162.         end

  163.         local info = string.format("count=%d wl=%d", reported, whitelisted)

  164.         local threat_string = string.format("bl_%d_wl_%d",

  165.             reported, whitelisted)

  166. 

  167.         if weight > 0 then

  168.           lua_util.debugm(N, task, '%s: returned result is spam - info: %s',

  169.               rule.log_prefix, info)

  170.           common.yield_result(task, rule, threat_string, weight)

  171.           common.save_cache(task, digest, rule, threat_string, weight)

  172.         else

  173.           if rule.log_clean then

  174.             rspamd_logger.infox(task, '%s: clean, returned result is ham - info: %s',

  175.                 rule.log_prefix, info)

  176.           else

  177.             lua_util.debugm(N, task, '%s: returned result is ham - info: %s',

  178.                 rule.log_prefix, info)

  179.           end

  180.           common.save_cache(task, digest, rule, 'OK', weight)

  181.         end

  182. 

  183.       end

  184.     end

  185. 

  186.     if digest == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' then

  187.       rspamd_logger.infox(task, '%s: not checking default digest', rule.log_prefix)

  188.       return

  189.     end

  190. 

  191.     tcp.request({

  192.       task = task,

  193.       host = addr:to_string(),

  194.       port = addr:get_port(),

  195.       upstream = upstream,

  196.       timeout = rule.timeout,

  197.       shutdown = true,

  198.       data = content,

  199.       callback = pyzor_callback,

  200.     })

  201.   end

  202.   if common.condition_check_and_continue(task, content, rule, digest, pyzor_check_uncached) then

  203.     return

  204.   else

  205.     pyzor_check_uncached()

  206.   end

  207. end

  208. 

  209. return {

  210.   type = categories,

  211.   description = 'pyzor bulk scanner',

  212.   configure = pyzor_config,

  213.   check = pyzor_check,

  214.   name = N

  215. }