mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19581 Commits
29 Branches
Tree: f7c44dea2e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f7c44dea2e'
${ noResults }
rspamd/lualib/lua_scanners/kaspersky_se.lua

kaspersky_se.lua 8.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[[

  18. -- @module kaspersky_se

  19. -- This module contains Kaspersky Scan Engine integration support

  20. -- https://www.kaspersky.com/scan-engine

  21. --]]

  22. 

  23. local lua_util = require "lua_util"

  24. local rspamd_util = require "rspamd_util"

  25. local http = require "rspamd_http"

  26. local upstream_list = require "rspamd_upstream_list"

  27. local rspamd_logger = require "rspamd_logger"

  28. local common = require "lua_scanners/common"

  29. 

  30. local N = 'kaspersky_se'

  31. 

  32. local function kaspersky_se_config(opts)

  33. 

  34.   local default_conf = {

  35.     name = N,

  36.     default_port = 9999,

  37.     use_https = false,

  38.     use_files = false,

  39.     timeout = 5.0,

  40.     log_clean = false,

  41.     tmpdir = '/tmp',

  42.     retransmits = 1,

  43.     cache_expire = 7200, -- expire redis in 2h

  44.     message = '${SCANNER}: spam message found: "${VIRUS}"',

  45.     detection_category = "virus",

  46.     default_score = 1,

  47.     action = false,

  48.     scan_mime_parts = true,

  49.     scan_text_mime = false,

  50.     scan_image_mime = false,

  51.   }

  52. 

  53.   default_conf = lua_util.override_defaults(default_conf, opts)

  54. 

  55.   if not default_conf.prefix then

  56.     default_conf.prefix = 'rs_' .. default_conf.name .. '_'

  57.   end

  58. 

  59.   if not default_conf.log_prefix then

  60.     if default_conf.name:lower() == default_conf.type:lower() then

  61.       default_conf.log_prefix = default_conf.name

  62.     else

  63.       default_conf.log_prefix = default_conf.name .. ' (' .. default_conf.type .. ')'

  64.     end

  65.   end

  66. 

  67.   if not default_conf.servers and default_conf.socket then

  68.     default_conf.servers = default_conf.socket

  69.   end

  70. 

  71.   if not default_conf.servers then

  72.     rspamd_logger.errx(rspamd_config, 'no servers defined')

  73. 

  74.     return nil

  75.   end

  76. 

  77.   default_conf.upstreams = upstream_list.create(rspamd_config,

  78.       default_conf.servers,

  79.       default_conf.default_port)

  80. 

  81.   if default_conf.upstreams then

  82.     lua_util.add_debug_alias('external_services', default_conf.name)

  83.     return default_conf

  84.   end

  85. 

  86.   rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',

  87.       default_conf['servers'])

  88.   return nil

  89. end

  90. 

  91. local function kaspersky_se_check(task, content, digest, rule, maybe_part)

  92.   local function kaspersky_se_check_uncached()

  93.     local function make_url(addr)

  94.       local url

  95.       local suffix = '/scanmemory'

  96. 

  97.       if rule.use_files then

  98.         suffix = '/scanfile'

  99.       end

  100.       if rule.use_https then

  101.         url = string.format('https://%s:%d%s', tostring(addr),

  102.             addr:get_port(), suffix)

  103.       else

  104.         url = string.format('http://%s:%d%s', tostring(addr),

  105.             addr:get_port(), suffix)

  106.       end

  107. 

  108.       return url

  109.     end

  110. 

  111.     local upstream = rule.upstreams:get_upstream_round_robin()

  112.     local addr = upstream:get_addr()

  113.     local retransmits = rule.retransmits

  114. 

  115.     local url = make_url(addr)

  116.     local hdrs = {

  117.       ['X-KAV-ProtocolVersion'] = '1',

  118.       ['X-KAV-Timeout'] = tostring(rule.timeout * 1000),

  119.     }

  120. 

  121.     if task:has_from() then

  122.       hdrs['X-KAV-ObjectURL'] = string.format('[from:%s]', task:get_from()[1].addr)

  123.     end

  124. 

  125.     local req_body

  126. 

  127.     if rule.use_files then

  128.       local fname =  string.format('%s/%s.tmp',

  129.           rule.tmpdir, rspamd_util.random_hex(32))

  130.       local message_fd = rspamd_util.create_file(fname)

  131. 

  132.       if not message_fd then

  133.         rspamd_logger.errx('cannot store file for kaspersky_se scan: %s', fname)

  134.         return

  135.       end

  136. 

  137.       if type(content) == 'string' then

  138.         -- Create rspamd_text

  139.         local rspamd_text = require "rspamd_text"

  140.         content = rspamd_text.fromstring(content)

  141.       end

  142.       content:save_in_file(message_fd)

  143. 

  144.       -- Ensure cleanup

  145.       task:get_mempool():add_destructor(function()

  146.         os.remove(fname)

  147.         rspamd_util.close_file(message_fd)

  148.       end)

  149. 

  150.       req_body = fname

  151.     else

  152.       req_body = content

  153.     end

  154. 

  155.     local request_data = {

  156.       task = task,

  157.       url = url,

  158.       body = req_body,

  159.       headers = hdrs,

  160.       timeout = rule.timeout,

  161.     }

  162. 

  163.     local function kas_callback(http_err, code, body, headers)

  164. 

  165.       local function requery()

  166.         -- set current upstream to fail because an error occurred

  167.         upstream:fail()

  168. 

  169.         -- retry with another upstream until retransmits exceeds

  170.         if retransmits > 0 then

  171. 

  172.           retransmits = retransmits - 1

  173. 

  174.           lua_util.debugm(rule.name, task,

  175.               '%s: Request Error: %s - retries left: %s',

  176.               rule.log_prefix, http_err, retransmits)

  177. 

  178.           -- Select a different upstream!

  179.           upstream = rule.upstreams:get_upstream_round_robin()

  180.           addr = upstream:get_addr()

  181.           url = make_url(addr)

  182. 

  183.           lua_util.debugm(rule.name, task, '%s: retry IP: %s:%s',

  184.               rule.log_prefix, addr, addr:get_port())

  185.           request_data.url = url

  186. 

  187.           http.request(request_data)

  188.         else

  189.           rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits '..

  190.               'exceed', rule.log_prefix)

  191.           task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and '..

  192.               'retransmits exceed')

  193.         end

  194.       end

  195. 

  196.       if http_err then

  197.         requery()

  198.       else

  199.         -- Parse the response

  200.         if upstream then upstream:ok() end

  201.         if code ~= 200 then

  202.           rspamd_logger.errx(task, 'invalid HTTP code: %s, body: %s, headers: %s', code, body, headers)

  203.           task:insert_result(rule.symbol_fail, 1.0, 'Bad HTTP code: ' .. code)

  204.           return

  205.         end

  206.         local data = string.gsub(tostring(body), '[\r\n%s]$', '')

  207.         local cached

  208.         lua_util.debugm(rule.name, task, '%s: got reply data: "%s"',

  209.             rule.log_prefix, data)

  210. 

  211.         if data:find('^CLEAN') then

  212.           -- Handle CLEAN replies

  213.           if data == 'CLEAN' then

  214.             cached = 'OK'

  215.             if rule['log_clean'] then

  216.               rspamd_logger.infox(task, '%s: message or mime_part is clean',

  217.                   rule.log_prefix)

  218.             else

  219.               lua_util.debugm(rule.name, task, '%s: message or mime_part is clean',

  220.                   rule.log_prefix)

  221.             end

  222.           elseif data == 'CLEAN AND CONTAINS OFFICE MACRO' then

  223.             common.yield_result(task, rule, 'File contains macros',

  224.                 0.0, 'macro', maybe_part)

  225.             cached = 'MACRO'

  226.           else

  227.             rspamd_logger.errx(task, '%s: unhandled clean response: %s', rule.log_prefix, data)

  228.             common.yield_result(task, rule, 'unhandled response:' .. data,

  229.                 0.0, 'fail', maybe_part)

  230.           end

  231.         elseif data == 'SERVER_ERROR' then

  232.           rspamd_logger.errx(task, '%s: error: %s', rule.log_prefix, data)

  233.           common.yield_result(task, rule, 'error:' .. data,

  234.               0.0, 'fail', maybe_part)

  235.         elseif string.match(data, 'DETECT (.+)') then

  236.           local vname = string.match(data, 'DETECT (.+)')

  237.           common.yield_result(task, rule, vname, 1.0, nil, maybe_part)

  238.           cached = vname

  239.         elseif string.match(data, 'NON_SCANNED %((.+)%)') then

  240.           local why = string.match(data, 'NON_SCANNED %((.+)%)')

  241. 

  242.           if why == 'PASSWORD PROTECTED' then

  243.             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)

  244.             common.yield_result(task, rule, 'File is encrypted: '.. why,

  245.                 0.0, 'encrypted', maybe_part)

  246.             cached = 'ENCRYPTED'

  247.           else

  248.             common.yield_result(task, rule, 'unhandled response:' .. data,

  249.                 0.0, 'fail', maybe_part)

  250.           end

  251.         else

  252.           rspamd_logger.errx(task, '%s: unhandled response: %s', rule.log_prefix, data)

  253.           common.yield_result(task, rule, 'unhandled response:' .. data,

  254.               0.0, 'fail', maybe_part)

  255.         end

  256. 

  257.         if cached then

  258.           common.save_cache(task, digest, rule, cached, 1.0, maybe_part)

  259.         end

  260. 

  261.       end

  262.     end

  263. 

  264.     request_data.callback = kas_callback

  265.     http.request(request_data)

  266.   end

  267. 

  268.   if common.condition_check_and_continue(task, content, rule, digest,

  269.       kaspersky_se_check_uncached, maybe_part) then

  270.     return

  271.   else

  272. 

  273.     kaspersky_se_check_uncached()

  274.   end

  275. 

  276. end

  277. 

  278. return {

  279.   type = 'antivirus',

  280.   description = 'Kaspersky Scan Engine interface',

  281.   configure = kaspersky_se_config,

  282.   check = kaspersky_se_check,

  283.   name = N

  284. }