authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-03-28 11:20:23 +0000
committerGitHub <noreply@github.com>2019-03-28 11:20:23 +0000
commit5f9905869acf2546281a4b669beae3e445e5d52c (patch)
treed2c3fc968e33d17096b425d278108c1b4168fdb3
parent16f122266c71f8593026c16f14f91f913eec4e0d (diff)
parent19629bfc0f7fbe565fcea685a691fd271509bd80 (diff)
downloadrspamd-5f9905869acf2546281a4b669beae3e445e5d52c.tar.gz
rspamd-5f9905869acf2546281a4b669beae3e445e5d52c.zip
Merge pull request #2822 from HeinleinSupport/lua_scanners
Lua scanners - some fixes
-rw-r--r--lualib/lua_scanners/common.lua48
-rw-r--r--lualib/lua_scanners/init.lua1
-rw-r--r--lualib/lua_scanners/oletools.lua2
3 files changed, 23 insertions, 28 deletions
diff --git a/lualib/lua_scanners/common.lua b/lualib/lua_scanners/common.lua
index 2a748eaa5..9bf2adf44 100644
--- a/lualib/lua_scanners/common.lua
+++ b/lualib/lua_scanners/common.lua
@@ -65,52 +65,46 @@ local function yield_result(task, rule, vname, dyn_weight, is_fail)
local all_whitelisted = true
local patterns
local symbol
+ local threat_table = {}
+ local threat_info
-- This should be more generic
if not is_fail then
patterns = rule.patterns
symbol = rule.symbol
+ threat_info = rule.detection_category .. 'found'
if not dyn_weight then dyn_weight = 1.0 end
elseif is_fail == 'fail' then
patterns = rule.patterns_fail
symbol = rule.symbol_fail
+ threat_info = "FAILED with error"
dyn_weight = 0.0
end
if type(vname) == 'string' then
- local symname, symscore = match_patterns(symbol,
- vname,
- patterns,
- dyn_weight)
- if rule.whitelist and rule.whitelist:get_key(vname) then
- rspamd_logger.infox(task, '%s: "%s" is in whitelist', rule.log_prefix, vname)
- return
- end
- task:insert_result(symname, symscore, vname)
- rspamd_logger.infox(task, '%s: %s found: "%s - score: %s"',
- rule.log_prefix, rule.detection_category, vname, symscore)
+ table.insert(threat_table, vname)
elseif type(vname) == 'table' then
- for _, vn in ipairs(vname) do
- local symname, symscore = match_patterns(symbol, vn, patterns, dyn_weight)
- if rule.whitelist and rule.whitelist:get_key(vn) then
- rspamd_logger.infox(task, '%s: "%s" is in whitelist', rule.log_prefix, vn)
- else
- all_whitelisted = false
- task:insert_result(symname, symscore, vn)
- rspamd_logger.infox(task, '%s: %s found: "%s - score: %s"',
- rule.log_prefix, rule.detection_category, vn, symscore)
- end
- end
+ threat_table = vname
end
- if rule.action and is_fail ~= 'fail' then
- if type(vname) == 'table' then
- if all_whitelisted then return end
- vname = table.concat(vname, '; ')
+
+ for _, tm in ipairs(threat_table) do
+ local symname, symscore = match_patterns(symbol, tm, patterns, dyn_weight)
+ if rule.whitelist and rule.whitelist:get_key(tm) then
+ rspamd_logger.infox(task, '%s: "%s" is in whitelist', rule.log_prefix, tm)
+ else
+ all_whitelisted = false
+ task:insert_result(symname, symscore, tm)
+ rspamd_logger.infox(task, '%s: result - %s: "%s - score: %s"',
+ rule.log_prefix, threat_info, tm, symscore)
end
+ end
+
+ if rule.action and is_fail ~= 'fail' and not all_whitelisted then
+ threat_table = table.concat(threat_table, '; ')
task:set_pre_result(rule.action,
lua_util.template(rule.message or 'Rejected', {
SCANNER = rule.name,
- VIRUS = vname,
+ VIRUS = threat_table,
}), rule.name)
end
end
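Review bot: In the non-fail branch, `threat_info = rule.detection_category .. 'found'` joins the category and the word "found" with no separator, so the new `result - %s` log line prints them run together. The same concatenation raises an error when a rule has no `detection_category`, which would abort yield_result before any symbol is inserted; whether every scanner sets that field is not visible here. A guarded form such as `threat_info = (rule.detection_category or 'threat') .. ' found'` avoids both. Separately, `table.concat(threat_table, '; ')` joins every name, so whitelisted names still appear in the `VIRUS` part of the pre-result message when at least one other name is not whitelisted. If that is not intended, collect the non-whitelisted names inside the loop and join those instead. The start of yield_result lies outside the hunk.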
diff --git a/lualib/lua_scanners/init.lua b/lualib/lua_scanners/init.lua
index d56bf4c6d..99cec68b3 100644
--- a/lualib/lua_scanners/init.lua
+++ b/lualib/lua_scanners/init.lua
@@ -42,6 +42,7 @@ require_scanner('dcc')
require_scanner('oletools')
require_scanner('icap')
require_scanner('vadesecure')
+require_scanner('spamassassin')
exports.add_scanner = function(name, t, conf_func, check_func)
assert(type(conf_func) == 'function' and type(check_func) == 'function',
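Review bot: The added `require_scanner('spamassassin')` depends on a `lualib/lua_scanners/spamassassin.lua` module that this commit's diffstat does not list, so it must already exist in the tree. That is worth confirming, because how `require_scanner` behaves on a missing module is not visible in this hunk. If the load can fail, a one-line comment next to the call stating whether the failure is fatal or only logged would help operators reading startup errors.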
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index 577b79863..a17840305 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -173,7 +173,7 @@ local function oletools_check(task, content, digest, rule)
m_suspicious = 'S'
table.insert(analysis_keyword_table, a.keyword)
end
- elseif a.type == 'IOCs' then
+ elseif a.type == 'IOC' then
m_iocs = 'I'
elseif a.type == 'Hex strings' then
m_hex = 'H'
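Review bot: The comparison `a.type == 'IOC'` is an exact match on a string produced by the external oletools output, and the old spelling `'IOCs'` is now dropped entirely. If any deployed olevba version still emits the plural form (not verifiable from this page), `m_iocs` silently stays unset and the macro classification loses its IOC flag, which is a quiet detection gap. Accepting both spellings is cheap: `elseif a.type == 'IOC' or a.type == 'IOCs' then`. A short comment naming the oletools version that uses each spelling would also help. oletools_check starts and ends outside this hunk.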