diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-03-20 16:56:09 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-03-20 16:56:09 +0000 |
| commit | 2993c04b809650933446bf0d23621b8dc4e2cb6a (patch) | |
| tree | c0289f74022c2b5eeed5986b43aa593b8992c76c | |
| parent | 9e772a2d54f45f68477d5ac031d9577fb58c8699 (diff) | |
| parent | fc41f127cc27c982008382781fc82e1f1256515d (diff) | |
| download | rspamd-2993c04b809650933446bf0d23621b8dc4e2cb6a.tar.gz rspamd-2993c04b809650933446bf0d23621b8dc4e2cb6a.zip | |
Merge pull request #2095 from Heinlein-Support-GmbH/master
Handle some Sophos / SAVDI Return Codes as Pseudo Virus
| -rw-r--r-- | src/plugins/lua/antivirus.lua | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/src/plugins/lua/antivirus.lua b/src/plugins/lua/antivirus.lua index 4b69b8850..4f132604b 100644 --- a/src/plugins/lua/antivirus.lua +++ b/src/plugins/lua/antivirus.lua @@ -531,6 +531,7 @@ local function sophos_check(task, rule) local bye = 'BYE\n' local function sophos_callback(err, data, conn) + if err then if err == 'IO timeout' then if retransmits > 0 then @@ -554,6 +555,7 @@ local function sophos_check(task, rule) else upstream:ok() data = tostring(data) + rspamd_logger.errx(task, 'data2: %s', data) local vname = string.match(data, 'VIRUS (%S+) ') if vname then yield_result(task, rule, vname) @@ -564,6 +566,20 @@ local function sophos_check(task, rule) rspamd_logger.infox(task, '%s [%s]: message is clean', rule['symbol'], rule['type']) end save_av_cache(task, rule, 'OK') + elseif string.find(data, 'FAIL 0212') then + if rule['savdi_report_encrypted'] then + rspamd_logger.infox(task, 'Message is ENCRYPTED (0212 SOPHOS_SAVI_ERROR_FILE_ENCRYPTED): %s', data) + yield_result(task, rule, "SAVDI_FILE_ENCRYPTED") + save_av_cache(task, rule, "SAVDI_FILE_ENCRYPTED") + end + elseif string.find(data, 'REJ 4') then + if rule['savdi_report_oversize'] then + rspamd_logger.infox(task, 'Message is OVERSIZED (SSSP reject code 4): %s', data) + yield_result(task, rule, "SAVDI_FILE_OVERSIZED") + save_av_cache(task, rule, "SAVDI_FILE_OVERSIZED") + end + elseif string.find(data, 'REJ 1') then + rspamd_logger.errx(task, 'SAVDI (Protocol error (REJ 1)): %s', data) elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then conn:add_read(sophos_callback) else @@ -866,4 +882,3 @@ if opts and type(opts) == 'table' then lua_util.disable_module(N, 'config') end end - |