mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14189 Commits
28 Branches
Tree: f40cc5500e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f40cc5500e'
${ noResults }
rspamd/lualib/lua_scanners/clamav.lua

clamav.lua 5.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185 
  1. --[[

  2. Copyright (c) 2018, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[[

  18. -- @module clamav

  19. -- This module contains clamav access functions

  20. --]]

  21. 

  22. local lua_util = require "lua_util"

  23. local tcp = require "rspamd_tcp"

  24. local upstream_list = require "rspamd_upstream_list"

  25. local rspamd_util = require "rspamd_util"

  26. local rspamd_logger = require "rspamd_logger"

  27. local common = require "lua_scanners/common"

  28. 

  29. local N = "clamav"

  30. 

  31. local default_message = '${SCANNER}: virus found: "${VIRUS}"'

  32. 

  33. local function clamav_config(opts)

  34.   local clamav_conf = {

  35.     name = N,

  36.     scan_mime_parts = true,

  37.     scan_text_mime = false,

  38.     scan_image_mime = false,

  39.     default_port = 3310,

  40.     log_clean = false,

  41.     timeout = 5.0, -- FIXME: this will break task_timeout!

  42.     detection_category = "virus",

  43.     retransmits = 2,

  44.     cache_expire = 3600, -- expire redis in one hour

  45.     message = default_message,

  46.   }

  47. 

  48.   clamav_conf = lua_util.override_defaults(clamav_conf, opts)

  49. 

  50.   if not clamav_conf.prefix then

  51.     clamav_conf.prefix = 'rs_' .. clamav_conf.name .. '_'

  52.   end

  53. 

  54.   if not clamav_conf.log_prefix then

  55.     if clamav_conf.name:lower() == clamav_conf.type:lower() then

  56.       clamav_conf.log_prefix = clamav_conf.name

  57.     else

  58.       clamav_conf.log_prefix = clamav_conf.name .. ' (' .. clamav_conf.type .. ')'

  59.     end

  60.   end

  61. 

  62.   if not clamav_conf['servers'] then

  63.     rspamd_logger.errx(rspamd_config, 'no servers defined')

  64. 

  65.     return nil

  66.   end

  67. 

  68.   clamav_conf['upstreams'] = upstream_list.create(rspamd_config,

  69.       clamav_conf['servers'],

  70.       clamav_conf.default_port)

  71. 

  72.   if clamav_conf['upstreams'] then

  73.     lua_util.add_debug_alias('antivirus', clamav_conf.name)

  74.     return clamav_conf

  75.   end

  76. 

  77.   rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',

  78.       clamav_conf['servers'])

  79.   return nil

  80. end

  81. 

  82. local function clamav_check(task, content, digest, rule)

  83.   local function clamav_check_uncached ()

  84.     local upstream = rule.upstreams:get_upstream_round_robin()

  85.     local addr = upstream:get_addr()

  86.     local retransmits = rule.retransmits

  87.     local header = rspamd_util.pack("c9 c1 >I4", "zINSTREAM", "\0",

  88.         #content)

  89.     local footer = rspamd_util.pack(">I4", 0)

  90. 

  91.     local function clamav_callback(err, data)

  92.       if err then

  93. 

  94.         -- set current upstream to fail because an error occurred

  95.         upstream:fail()

  96. 

  97.         -- retry with another upstream until retransmits exceeds

  98.         if retransmits > 0 then

  99. 

  100.           retransmits = retransmits - 1

  101. 

  102.           -- Select a different upstream!

  103.           upstream = rule.upstreams:get_upstream_round_robin()

  104.           addr = upstream:get_addr()

  105. 

  106.           lua_util.debugm(rule.name, task, '%s: retry IP: %s',

  107.               rule.log_prefix, addr)

  108. 

  109.           tcp.request({

  110.             task = task,

  111.             host = addr:to_string(),

  112.             port = addr:get_port(),

  113.             timeout = rule['timeout'],

  114.             callback = clamav_callback,

  115.             data = { header, content, footer },

  116.             stop_pattern = '\0'

  117.           })

  118.         else

  119.           rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits exceed', rule.log_prefix)

  120.           common.yield_result(task, rule, 'failed to scan and retransmits exceed', 0.0, 'fail')

  121.         end

  122. 

  123.       else

  124.         upstream:ok()

  125.         data = tostring(data)

  126.         local cached

  127.         lua_util.debugm(rule.name, task, '%s: got reply: %s',

  128.             rule.log_prefix, data)

  129.         if data == 'stream: OK' then

  130.           cached = 'OK'

  131.           if rule['log_clean'] then

  132.             rspamd_logger.infox(task, '%s: message or mime_part is clean',

  133.                 rule.log_prefix)

  134.           else

  135.             lua_util.debugm(rule.name, task, '%s: message or mime_part is clean', rule.log_prefix)

  136.           end

  137.         else

  138.           local vname = string.match(data, 'stream: (.+) FOUND')

  139.           if string.find(vname, '^Heuristics%.Encrypted') then

  140.             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)

  141.             common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'fail')

  142.           elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then

  143.             rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix)

  144.             common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail')

  145.           elseif vname then

  146.             common.yield_result(task, rule, vname)

  147.             cached = vname

  148.           else

  149.             rspamd_logger.errx(task, '%s: unhandled response: %s', rule.log_prefix, data)

  150.             common.yield_result(task, rule, 'unhandled response:' .. vname, 0.0, 'fail')

  151.           end

  152.         end

  153.         if cached then

  154.           common.save_av_cache(task, digest, rule, cached)

  155.         end

  156.       end

  157.     end

  158. 

  159.     tcp.request({

  160.       task = task,

  161.       host = addr:to_string(),

  162.       port = addr:get_port(),

  163.       timeout = rule['timeout'],

  164.       callback = clamav_callback,

  165.       data = { header, content, footer },

  166.       stop_pattern = '\0'

  167.     })

  168.   end

  169. 

  170.   if common.need_av_check(task, content, rule) then

  171.     if common.check_av_cache(task, digest, rule, clamav_check_uncached) then

  172.       return

  173.     else

  174.       clamav_check_uncached()

  175.     end

  176.   end

  177. end

  178. 

  179. return {

  180.   type = 'antivirus',

  181.   description = 'clamav antivirus',

  182.   configure = clamav_config,

  183.   check = clamav_check,

  184.   name = N

  185. }