diff options
| author | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2021-12-03 18:06:33 +0100 |
|---|---|---|
| committer | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2022-02-27 17:29:05 +0100 |
| commit | 89c9984c0ab7e8f2dc4c963d017c29fddd370968 (patch) | |
| tree | 6e80e7c7173b333d9ab7fa0d5dc33a9704c87a48 /lualib/lua_scanners/icap.lua | |
| parent | 8ddf1aaca978c045a14f82e5f7dcd3d8ca083afb (diff) | |
| download | rspamd-89c9984c0ab7e8f2dc4c963d017c29fddd370968.tar.gz rspamd-89c9984c0ab7e8f2dc4c963d017c29fddd370968.zip | |
[Minor] lua_scanners - icap - add another variant of icap return
Diffstat (limited to 'lualib/lua_scanners/icap.lua')
| -rw-r--r-- | lualib/lua_scanners/icap.lua | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua index d6a4e1ac9..f5240600a 100644 --- a/lualib/lua_scanners/icap.lua +++ b/lualib/lua_scanners/icap.lua @@ -404,37 +404,47 @@ local function icap_check(task, content, digest, rule, maybe_part) http: HTTP/1.0 307 Temporary Redirect ]] -- + local function string_to_threat_table(header_string) + if string.find(header_string, ', ') then + local vnames = lua_util.str_split(string.gsub(header_string, "%s", ""), ',') or {} + + for _,v in ipairs(vnames) do + table.insert(threat_string, v) + end + else + table.insert(threat_string, header_string) + end + end + -- Generic ICAP Headers if headers['x-infection-found'] then local _,_,icap_type,_,icap_threat = headers['x-infection-found']:find("Type=(.-); Resolution=(.-); Threat=(.-);$") - if not icap_type or icap_type == 2 then + if icap_type == 2 then -- error returned lua_util.debugm(rule.name, task, '%s: icap error X-Infection-Found: %s', rule.log_prefix, icap_threat) common.yield_result(task, rule, icap_threat, 0, 'fail', maybe_part) return true - else + elseif icap_threat ~= nil then lua_util.debugm(rule.name, task, '%s: icap X-Infection-Found: %s', rule.log_prefix, icap_threat) table.insert(threat_string, icap_threat) + elseif not icap_threat and headers['x-virus-name']then + string_to_threat_table(headers['x-virus-name']) + else + table.insert(threat_string, headers['x-infection-found']) end - + elseif headers['x-virus-name'] and headers['x-virus-name'] ~= "no threats" then + lua_util.debugm(rule.name, task, + '%s: icap X-Virus-Name: %s', rule.log_prefix, headers['x-virus-name']) + string_to_threat_table(headers['x-virus-name']) elseif headers['x-virus-id'] and headers['x-virus-id'] ~= "no threats" then lua_util.debugm(rule.name, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, headers['x-virus-id']) - - if string.find(headers['x-virus-id'], ', ') then - local vnames = lua_util.str_split(string.gsub(headers['x-virus-id'], "%s", ""), ',') or {} - - for _,v in ipairs(vnames) do - table.insert(threat_string, v) - end - else - table.insert(threat_string, headers['x-virus-id']) - end + string_to_threat_table(headers['x-virus-id']) -- FSecure X-Headers elseif headers['x-fsecure-scan-result'] and headers['x-fsecure-scan-result'] ~= "clean" then @@ -467,6 +477,8 @@ local function icap_check(task, content, digest, rule, maybe_part) -- Sophos SAVDI special http headers elseif headers['x-blocked'] and headers['x-blocked'] ~= "" then table.insert(threat_string, headers['x-blocked']) + elseif headers['x-block-reason'] and headers['x-block-reason'] ~= "" then + table.insert(threat_string, headers['x-block-reason']) -- last try HTTP [4]xx return elseif headers.http and string.find(headers.http, '^HTTP%/[12]%.. [4]%d%d') then local message = string.format("pseudo-virus (blocked): %s", string.gsub(headers.http, 'HTTP%/[12]%.. ', '')) |