mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20902 Commits
29 Branches
Tree: b1299ac910
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b1299ac910'
${ noResults }
rspamd/lualib/lua_scanners/kaspersky_se.lua

kaspersky_se.lua 8.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[[

  18. -- @module kaspersky_se

  19. -- This module contains Kaspersky Scan Engine integration support

  20. -- https://www.kaspersky.com/scan-engine

  21. --]]

  22. 

  23. local lua_util = require "lua_util"

  24. local rspamd_util = require "rspamd_util"

  25. local http = require "rspamd_http"

  26. local upstream_list = require "rspamd_upstream_list"

  27. local rspamd_logger = require "rspamd_logger"

  28. local common = require "lua_scanners/common"

  29. 

  30. local N = 'kaspersky_se'

  31. 

  32. local function kaspersky_se_config(opts)

  33. 

  34.   local default_conf = {

  35.     name = N,

  36.     default_port = 9999,

  37.     use_https = false,

  38.     use_files = false,

  39.     timeout = 5.0,

  40.     log_clean = false,

  41.     tmpdir = '/tmp',

  42.     retransmits = 1,

  43.     cache_expire = 7200, -- expire redis in 2h

  44.     message = '${SCANNER}: spam message found: "${VIRUS}"',

  45.     detection_category = "virus",

  46.     default_score = 1,

  47.     action = false,

  48.     scan_mime_parts = true,

  49.     scan_text_mime = false,

  50.     scan_image_mime = false,

  51.   }

  52. 

  53.   default_conf = lua_util.override_defaults(default_conf, opts)

  54. 

  55.   if not default_conf.prefix then

  56.     default_conf.prefix = 'rs_' .. default_conf.name .. '_'

  57.   end

  58. 

  59.   if not default_conf.log_prefix then

  60.     if default_conf.name:lower() == default_conf.type:lower() then

  61.       default_conf.log_prefix = default_conf.name

  62.     else

  63.       default_conf.log_prefix = default_conf.name .. ' (' .. default_conf.type .. ')'

  64.     end

  65.   end

  66. 

  67.   if not default_conf.servers and default_conf.socket then

  68.     default_conf.servers = default_conf.socket

  69.   end

  70. 

  71.   if not default_conf.servers then

  72.     rspamd_logger.errx(rspamd_config, 'no servers defined')

  73. 

  74.     return nil

  75.   end

  76. 

  77.   default_conf.upstreams = upstream_list.create(rspamd_config,

  78.       default_conf.servers,

  79.       default_conf.default_port)

  80. 

  81.   if default_conf.upstreams then

  82.     lua_util.add_debug_alias('external_services', default_conf.name)

  83.     return default_conf

  84.   end

  85. 

  86.   rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',

  87.       default_conf['servers'])

  88.   return nil

  89. end

  90. 

  91. local function kaspersky_se_check(task, content, digest, rule, maybe_part)

  92.   local function kaspersky_se_check_uncached()

  93.     local function make_url(addr)

  94.       local url

  95.       local suffix = '/scanmemory'

  96. 

  97.       if rule.use_files then

  98.         suffix = '/scanfile'

  99.       end

  100.       if rule.use_https then

  101.         url = string.format('https://%s:%d%s', tostring(addr),

  102.             addr:get_port(), suffix)

  103.       else

  104.         url = string.format('http://%s:%d%s', tostring(addr),

  105.             addr:get_port(), suffix)

  106.       end

  107. 

  108.       return url

  109.     end

  110. 

  111.     local upstream = rule.upstreams:get_upstream_round_robin()

  112.     local addr = upstream:get_addr()

  113.     local retransmits = rule.retransmits

  114. 

  115.     local url = make_url(addr)

  116.     local hdrs = {

  117.       ['X-KAV-ProtocolVersion'] = '1',

  118.       ['X-KAV-Timeout'] = tostring(rule.timeout * 1000),

  119.     }

  120. 

  121.     if task:has_from() then

  122.       hdrs['X-KAV-ObjectURL'] = string.format('[from:%s]', task:get_from()[1].addr)

  123.     end

  124. 

  125.     local req_body

  126. 

  127.     if rule.use_files then

  128.       local fname = string.format('%s/%s.tmp',

  129.           rule.tmpdir, rspamd_util.random_hex(32))

  130.       local message_fd = rspamd_util.create_file(fname)

  131. 

  132.       if not message_fd then

  133.         rspamd_logger.errx('cannot store file for kaspersky_se scan: %s', fname)

  134.         return

  135.       end

  136. 

  137.       if type(content) == 'string' then

  138.         -- Create rspamd_text

  139.         local rspamd_text = require "rspamd_text"

  140.         content = rspamd_text.fromstring(content)

  141.       end

  142.       content:save_in_file(message_fd)

  143. 

  144.       -- Ensure cleanup

  145.       task:get_mempool():add_destructor(function()

  146.         os.remove(fname)

  147.         rspamd_util.close_file(message_fd)

  148.       end)

  149. 

  150.       req_body = fname

  151.     else

  152.       req_body = content

  153.     end

  154. 

  155.     local request_data = {

  156.       task = task,

  157.       url = url,

  158.       body = req_body,

  159.       headers = hdrs,

  160.       timeout = rule.timeout,

  161.     }

  162. 

  163.     local function kas_callback(http_err, code, body, headers)

  164. 

  165.       local function requery()

  166.         -- set current upstream to fail because an error occurred

  167.         upstream:fail()

  168. 

  169.         -- retry with another upstream until retransmits exceeds

  170.         if retransmits > 0 then

  171. 

  172.           retransmits = retransmits - 1

  173. 

  174.           lua_util.debugm(rule.name, task,

  175.               '%s: Request Error: %s - retries left: %s',

  176.               rule.log_prefix, http_err, retransmits)

  177. 

  178.           -- Select a different upstream!

  179.           upstream = rule.upstreams:get_upstream_round_robin()

  180.           addr = upstream:get_addr()

  181.           url = make_url(addr)

  182. 

  183.           lua_util.debugm(rule.name, task, '%s: retry IP: %s:%s',

  184.               rule.log_prefix, addr, addr:get_port())

  185.           request_data.url = url

  186.           request_data.upstream = upstream

  187. 

  188.           http.request(request_data)

  189.         else

  190.           rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits ' ..

  191.               'exceed', rule.log_prefix)

  192.           task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and ' ..

  193.               'retransmits exceed')

  194.         end

  195.       end

  196. 

  197.       if http_err then

  198.         requery()

  199.       else

  200.         -- Parse the response

  201.         if upstream then

  202.           upstream:ok()

  203.         end

  204.         if code ~= 200 then

  205.           rspamd_logger.errx(task, 'invalid HTTP code: %s, body: %s, headers: %s', code, body, headers)

  206.           task:insert_result(rule.symbol_fail, 1.0, 'Bad HTTP code: ' .. code)

  207.           return

  208.         end

  209.         local data = string.gsub(tostring(body), '[\r\n%s]$', '')

  210.         local cached

  211.         lua_util.debugm(rule.name, task, '%s: got reply data: "%s"',

  212.             rule.log_prefix, data)

  213. 

  214.         if data:find('^CLEAN') then

  215.           -- Handle CLEAN replies

  216.           if data == 'CLEAN' then

  217.             cached = 'OK'

  218.             if rule['log_clean'] then

  219.               rspamd_logger.infox(task, '%s: message or mime_part is clean',

  220.                   rule.log_prefix)

  221.             else

  222.               lua_util.debugm(rule.name, task, '%s: message or mime_part is clean',

  223.                   rule.log_prefix)

  224.             end

  225.           elseif data == 'CLEAN AND CONTAINS OFFICE MACRO' then

  226.             common.yield_result(task, rule, 'File contains macros',

  227.                 0.0, 'macro', maybe_part)

  228.             cached = 'MACRO'

  229.           else

  230.             rspamd_logger.errx(task, '%s: unhandled clean response: %s', rule.log_prefix, data)

  231.             common.yield_result(task, rule, 'unhandled response:' .. data,

  232.                 0.0, 'fail', maybe_part)

  233.           end

  234.         elseif data == 'SERVER_ERROR' then

  235.           rspamd_logger.errx(task, '%s: error: %s', rule.log_prefix, data)

  236.           common.yield_result(task, rule, 'error:' .. data,

  237.               0.0, 'fail', maybe_part)

  238.         elseif string.match(data, 'DETECT (.+)') then

  239.           local vname = string.match(data, 'DETECT (.+)')

  240.           common.yield_result(task, rule, vname, 1.0, nil, maybe_part)

  241.           cached = vname

  242.         elseif string.match(data, 'NON_SCANNED %((.+)%)') then

  243.           local why = string.match(data, 'NON_SCANNED %((.+)%)')

  244. 

  245.           if why == 'PASSWORD PROTECTED' then

  246.             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)

  247.             common.yield_result(task, rule, 'File is encrypted: ' .. why,

  248.                 0.0, 'encrypted', maybe_part)

  249.             cached = 'ENCRYPTED'

  250.           else

  251.             common.yield_result(task, rule, 'unhandled response:' .. data,

  252.                 0.0, 'fail', maybe_part)

  253.           end

  254.         else

  255.           rspamd_logger.errx(task, '%s: unhandled response: %s', rule.log_prefix, data)

  256.           common.yield_result(task, rule, 'unhandled response:' .. data,

  257.               0.0, 'fail', maybe_part)

  258.         end

  259. 

  260.         if cached then

  261.           common.save_cache(task, digest, rule, cached, 1.0, maybe_part)

  262.         end

  263. 

  264.       end

  265.     end

  266. 

  267.     request_data.callback = kas_callback

  268.     http.request(request_data)

  269.   end

  270. 

  271.   if common.condition_check_and_continue(task, content, rule, digest,

  272.       kaspersky_se_check_uncached, maybe_part) then

  273.     return

  274.   else

  275. 

  276.     kaspersky_se_check_uncached()

  277.   end

  278. 

  279. end

  280. 

  281. return {

  282.   type = 'antivirus',

  283.   description = 'Kaspersky Scan Engine interface',

  284.   configure = kaspersky_se_config,

  285.   check = kaspersky_se_check,

  286.   name = N

  287. }