mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20902 Commits
29 Branches
Tree: b1299ac910
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b1299ac910'
${ noResults }
rspamd/lualib/lua_scanners/vadesecure.lua

vadesecure.lua 10.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[[

  18. -- @module vadesecure

  19. -- This module contains Vadesecure Filterd interface

  20. --]]

  21. 

  22. local lua_util = require "lua_util"

  23. local http = require "rspamd_http"

  24. local upstream_list = require "rspamd_upstream_list"

  25. local rspamd_logger = require "rspamd_logger"

  26. local ucl = require "ucl"

  27. local common = require "lua_scanners/common"

  28. 

  29. local N = 'vadesecure'

  30. 

  31. local function vade_config(opts)

  32. 

  33.   local vade_conf = {

  34.     name = N,

  35.     default_port = 23808,

  36.     url = '/api/v1/scan',

  37.     use_https = false,

  38.     timeout = 5.0,

  39.     log_clean = false,

  40.     retransmits = 1,

  41.     cache_expire = 7200, -- expire redis in 2h

  42.     message = '${SCANNER}: spam message found: "${VIRUS}"',

  43.     detection_category = "hash",

  44.     default_score = 1,

  45.     action = false,

  46.     log_spamcause = true,

  47.     symbol_fail = 'VADE_FAIL',

  48.     symbol = 'VADE_CHECK',

  49.     settings_outbound = nil, -- Set when there is a settings id for outbound messages

  50.     symbols = {

  51.       clean = {

  52.         symbol = 'VADE_CLEAN',

  53.         score = -0.5,

  54.         description = 'VadeSecure decided message to be clean'

  55.       },

  56.       spam = {

  57.         high = {

  58.           symbol = 'VADE_SPAM_HIGH',

  59.           score = 8.0,

  60.           description = 'VadeSecure decided message to be clearly spam'

  61.         },

  62.         medium = {

  63.           symbol = 'VADE_SPAM_MEDIUM',

  64.           score = 5.0,

  65.           description = 'VadeSecure decided message to be highly likely spam'

  66.         },

  67.         low = {

  68.           symbol = 'VADE_SPAM_LOW',

  69.           score = 2.0,

  70.           description = 'VadeSecure decided message to be likely spam'

  71.         },

  72.       },

  73.       malware = {

  74.         symbol = 'VADE_MALWARE',

  75.         score = 8.0,

  76.         description = 'VadeSecure decided message to be malware'

  77.       },

  78.       scam = {

  79.         symbol = 'VADE_SCAM',

  80.         score = 7.0,

  81.         description = 'VadeSecure decided message to be scam'

  82.       },

  83.       phishing = {

  84.         symbol = 'VADE_PHISHING',

  85.         score = 8.0,

  86.         description = 'VadeSecure decided message to be phishing'

  87.       },

  88.       commercial = {

  89.         symbol = 'VADE_COMMERCIAL',

  90.         score = 0.0,

  91.         description = 'VadeSecure decided message to be commercial message'

  92.       },

  93.       community = {

  94.         symbol = 'VADE_COMMUNITY',

  95.         score = 0.0,

  96.         description = 'VadeSecure decided message to be community message'

  97.       },

  98.       transactional = {

  99.         symbol = 'VADE_TRANSACTIONAL',

  100.         score = 0.0,

  101.         description = 'VadeSecure decided message to be transactional message'

  102.       },

  103.       suspect = {

  104.         symbol = 'VADE_SUSPECT',

  105.         score = 3.0,

  106.         description = 'VadeSecure decided message to be suspicious message'

  107.       },

  108.       bounce = {

  109.         symbol = 'VADE_BOUNCE',

  110.         score = 0.0,

  111.         description = 'VadeSecure decided message to be bounce message'

  112.       },

  113.       other = 'VADE_OTHER',

  114.     }

  115.   }

  116. 

  117.   vade_conf = lua_util.override_defaults(vade_conf, opts)

  118. 

  119.   if not vade_conf.prefix then

  120.     vade_conf.prefix = 'rs_' .. vade_conf.name .. '_'

  121.   end

  122. 

  123.   if not vade_conf.log_prefix then

  124.     if vade_conf.name:lower() == vade_conf.type:lower() then

  125.       vade_conf.log_prefix = vade_conf.name

  126.     else

  127.       vade_conf.log_prefix = vade_conf.name .. ' (' .. vade_conf.type .. ')'

  128.     end

  129.   end

  130. 

  131.   if not vade_conf.servers and vade_conf.socket then

  132.     vade_conf.servers = vade_conf.socket

  133.   end

  134. 

  135.   if not vade_conf.servers then

  136.     rspamd_logger.errx(rspamd_config, 'no servers defined')

  137. 

  138.     return nil

  139.   end

  140. 

  141.   vade_conf.upstreams = upstream_list.create(rspamd_config,

  142.       vade_conf.servers,

  143.       vade_conf.default_port)

  144. 

  145.   if vade_conf.upstreams then

  146.     lua_util.add_debug_alias('external_services', vade_conf.name)

  147.     return vade_conf

  148.   end

  149. 

  150.   rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',

  151.       vade_conf['servers'])

  152.   return nil

  153. end

  154. 

  155. local function vade_check(task, content, digest, rule, maybe_part)

  156.   local function vade_check_uncached()

  157.     local function vade_url(addr)

  158.       local url

  159.       if rule.use_https then

  160.         url = string.format('https://%s:%d%s', tostring(addr),

  161.             rule.default_port, rule.url)

  162.       else

  163.         url = string.format('http://%s:%d%s', tostring(addr),

  164.             rule.default_port, rule.url)

  165.       end

  166. 

  167.       return url

  168.     end

  169. 

  170.     local upstream = rule.upstreams:get_upstream_round_robin()

  171.     local addr = upstream:get_addr()

  172.     local retransmits = rule.retransmits

  173. 

  174.     local url = vade_url(addr)

  175.     local hdrs = {}

  176. 

  177.     local helo = task:get_helo()

  178.     if helo then

  179.       hdrs['X-Helo'] = helo

  180.     end

  181.     local mail_from = task:get_from('smtp') or {}

  182.     if mail_from[1] and #mail_from[1].addr > 1 then

  183.       hdrs['X-Mailfrom'] = mail_from[1].addr

  184.     end

  185. 

  186.     local rcpt_to = task:get_recipients('smtp')

  187.     if rcpt_to then

  188.       hdrs['X-Rcptto'] = {}

  189.       for _, r in ipairs(rcpt_to) do

  190.         table.insert(hdrs['X-Rcptto'], r.addr)

  191.       end

  192.     end

  193. 

  194.     local fip = task:get_from_ip()

  195.     if fip and fip:is_valid() then

  196.       hdrs['X-Inet'] = tostring(fip)

  197.     end

  198. 

  199.     if rule.settings_outbound then

  200.       local settings_id = task:get_settings_id()

  201. 

  202.       if settings_id then

  203.         local lua_settings = require "lua_settings"

  204.         -- Convert to string

  205.         settings_id = lua_settings.settings_by_id(settings_id)

  206. 

  207.         if settings_id then

  208.           settings_id = settings_id.name or ''

  209. 

  210.           if settings_id == rule.settings_outbound then

  211.             lua_util.debugm(rule.name, task, '%s settings has matched outbound',

  212.                 settings_id)

  213.             hdrs['X-Params'] = 'mode=smtpout'

  214.           end

  215.         end

  216.       end

  217.     end

  218. 

  219.     local request_data = {

  220.       task = task,

  221.       url = url,

  222.       body = task:get_content(),

  223.       headers = hdrs,

  224.       timeout = rule.timeout,

  225.     }

  226. 

  227.     local function vade_callback(http_err, code, body, headers)

  228. 

  229.       local function vade_requery()

  230.         -- set current upstream to fail because an error occurred

  231.         upstream:fail()

  232. 

  233.         -- retry with another upstream until retransmits exceeds

  234.         if retransmits > 0 then

  235. 

  236.           retransmits = retransmits - 1

  237. 

  238.           lua_util.debugm(rule.name, task,

  239.               '%s: Request Error: %s - retries left: %s',

  240.               rule.log_prefix, http_err, retransmits)

  241. 

  242.           -- Select a different upstream!

  243.           upstream = rule.upstreams:get_upstream_round_robin()

  244.           addr = upstream:get_addr()

  245.           url = vade_url(addr)

  246. 

  247.           lua_util.debugm(rule.name, task, '%s: retry IP: %s:%s',

  248.               rule.log_prefix, addr, addr:get_port())

  249.           request_data.url = url

  250. 

  251.           http.request(request_data)

  252.         else

  253.           rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits ' ..

  254.               'exceed', rule.log_prefix)

  255.           task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and ' ..

  256.               'retransmits exceed')

  257.         end

  258.       end

  259. 

  260.       if http_err then

  261.         vade_requery()

  262.       else

  263.         -- Parse the response

  264.         if upstream then

  265.           upstream:ok()

  266.         end

  267.         if code ~= 200 then

  268.           rspamd_logger.errx(task, 'invalid HTTP code: %s, body: %s, headers: %s', code, body, headers)

  269.           task:insert_result(rule.symbol_fail, 1.0, 'Bad HTTP code: ' .. code)

  270.           return

  271.         end

  272.         local parser = ucl.parser()

  273.         local ret, err = parser:parse_string(body)

  274.         if not ret then

  275.           rspamd_logger.errx(task, 'vade: bad response body (raw): %s', body)

  276.           task:insert_result(rule.symbol_fail, 1.0, 'Parser error: ' .. err)

  277.           return

  278.         end

  279.         local obj = parser:get_object()

  280.         local verdict = obj.verdict

  281.         if not verdict then

  282.           rspamd_logger.errx(task, 'vade: bad response JSON (no verdict): %s', obj)

  283.           task:insert_result(rule.symbol_fail, 1.0, 'No verdict/unknown verdict')

  284.           return

  285.         end

  286.         local vparts = lua_util.str_split(verdict, ":")

  287.         verdict = table.remove(vparts, 1) or verdict

  288. 

  289.         local sym = rule.symbols[verdict]

  290.         if not sym then

  291.           sym = rule.symbols.other

  292.         end

  293. 

  294.         if not sym.symbol then

  295.           -- Subcategory match

  296.           local lvl = 'low'

  297.           if vparts and vparts[1] then

  298.             lvl = vparts[1]

  299.           end

  300. 

  301.           if sym[lvl] then

  302.             sym = sym[lvl]

  303.           else

  304.             sym = rule.symbols.other

  305.           end

  306.         end

  307. 

  308.         local opts = {}

  309.         if obj.score then

  310.           table.insert(opts, 'score=' .. obj.score)

  311.         end

  312.         if obj.elapsed then

  313.           table.insert(opts, 'elapsed=' .. obj.elapsed)

  314.         end

  315. 

  316.         if rule.log_spamcause and obj.spamcause then

  317.           rspamd_logger.infox(task, 'vadesecure verdict="%s", score=%s, spamcause="%s", message-id="%s"',

  318.               verdict, obj.score, obj.spamcause, task:get_message_id())

  319.         else

  320.           lua_util.debugm(rule.name, task, 'vadesecure returned verdict="%s", score=%s, spamcause="%s"',

  321.               verdict, obj.score, obj.spamcause)

  322.         end

  323. 

  324.         if #vparts > 0 then

  325.           table.insert(opts, 'verdict=' .. verdict .. ';' .. table.concat(vparts, ':'))

  326.         end

  327. 

  328.         task:insert_result(sym.symbol, 1.0, opts)

  329.       end

  330.     end

  331. 

  332.     request_data.callback = vade_callback

  333.     http.request(request_data)

  334.   end

  335. 

  336.   if common.condition_check_and_continue(task, content, rule, digest,

  337.       vade_check_uncached, maybe_part) then

  338.     return

  339.   else

  340.     vade_check_uncached()

  341.   end

  342. 

  343. end

  344. 

  345. return {

  346.   type = { 'vadesecure', 'scanner' },

  347.   description = 'VadeSecure Filterd interface',

  348.   configure = vade_config,

  349.   check = vade_check,

  350.   name = N

  351. }