[Minor] lua_scanners - adopt excrypted / macro support

author: Carsten Rosenberg <c.rosenberg@heinlein-support.de> 2019-10-08 21:00:31 +0200
committer: Carsten Rosenberg <c.rosenberg@heinlein-support.de> 2019-10-08 21:00:31 +0200
commit: e45b99bdb699922e4558b2ff28ea5f85a8968d93 (patch)
tree: 4c191bd928bd457f797123f0bd5852c52420583e /lualib/lua_scanners/clamav.lua
parent: f6f3788672ea1bc06a03e6d86e0827fee5429c0e (diff)
download: rspamd-e45b99bdb699922e4558b2ff28ea5f85a8968d93.tar.gz
rspamd-e45b99bdb699922e4558b2ff28ea5f85a8968d93.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lualib/lua_scanners/clamav.lua b/lualib/lua_scanners/clamav.lua
index f95f96d92..2862ce025 100644
--- a/lualib/lua_scanners/clamav.lua
+++ b/lualib/lua_scanners/clamav.lua
@@ -140,6 +140,10 @@ local function clamav_check(task, content, digest, rule)
             rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)
             common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted')
             cached = 'encrypted'
+          elseif string.find(vname, '^Heuristics%.OLE2%.ContainsMacros') then
+            rspamd_logger.errx(task, '%s: ClamAV Found an OLE2 Office Macro', rule.log_prefix)
+            common.yield_result(task, rule, vname, 0.0, 'macro')
+          elseif vname then
           elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then
             rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix)
             common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail')
author	Carsten Rosenberg <c.rosenberg@heinlein-support.de>	2019-10-08 21:00:31 +0200
committer	Carsten Rosenberg <c.rosenberg@heinlein-support.de>	2019-10-08 21:00:31 +0200
commit	e45b99bdb699922e4558b2ff28ea5f85a8968d93 (patch)
tree	4c191bd928bd457f797123f0bd5852c52420583e /lualib/lua_scanners/clamav.lua
parent	f6f3788672ea1bc06a03e6d86e0827fee5429c0e (diff)
download	rspamd-e45b99bdb699922e4558b2ff28ea5f85a8968d93.tar.gz rspamd-e45b99bdb699922e4558b2ff28ea5f85a8968d93.zip