author | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2019-10-01 20:17:44 +0200 |
---|---|---|
committer | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2019-10-01 20:17:44 +0200 |
commit | c2f92d020239d41f266839fbe1469608f35af376 (patch) | |
tree | 90d68229746bff61ceb579092a75002aa55be6af /lualib/lua_scanners/icap.lua | |
parent | 72852045441aa5395f7512e93be8897d9db50a6c (diff) | |
[Minor] lua_scanners - icap - add eset support, adopt lua suggestions
Diffstat (limited to 'lualib/lua_scanners/icap.lua')
-rw-r--r-- | lualib/lua_scanners/icap.lua | 44 |
1 files changed, 26 insertions, 18 deletions
diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua index a845a999a..8312d20b9 100644 --- a/lualib/lua_scanners/icap.lua +++ b/lualib/lua_scanners/icap.lua @@ -103,8 +103,8 @@ local function icap_check(task, content, digest, rule) -- Build the icap queries local options_request = { - "OPTIONS icap://" .. addr:to_string() .. ":" .. addr:get_port() .. "/" .. rule.scheme .. " ICAP/1.0\r\n", - "Host: " .. addr:to_string() .. "\r\n", + string.format("OPTIONS icap://%s:%s/%s ICAP/1.0\r\n", addr:to_string(), addr:get_port(), rule.scheme), + string.format('Host: %s\r\n', addr:to_string()), "User-Agent: Rspamd\r\n", "Encapsulated: null-body=0\r\n\r\n", } @@ -192,29 +192,37 @@ local function icap_check(task, content, digest, rule) Generic Strings: X-Infection-Found: Type=0; Resolution=2; Threat=Troj/DocDl-OYC; X-Infection-Found: Type=0; Resolution=2; Threat=W97M.Downloader; + Symantec String: X-Infection-Found: Type=2; Resolution=2; Threat=Container size violation X-Infection-Found: Type=2; Resolution=2; Threat=Encrypted container violation; + Sophos Strings: X-Virus-ID: Troj/DocDl-OYC + Kaspersky Web Traffic Security Strings: X-Virus-ID: HEUR:Backdoor.Java.QRat.gen X-Response-Info: blocked - X-Virus-ID: no threats X-Response-Info: blocked - X-Response-Info: passed + Trend Micro IWSVA Strings: X-Virus-ID: Trojan.W97M.POWLOAD.SMTHF1 X-Infection-Found: Type=0; Resolution=2; Threat=Trojan.W97M.POWLOAD.SMTHF1; + F-Secure Internet Gatekeeper Strings: X-FSecure-Scan-Result: infected X-FSecure-Infection-Name: "Malware.W97M/Agent.32584203" X-FSecure-Infected-Filename: "virus.doc" + + ESET File Security for Linux 7.0 + X-Infection-Found: Type=0; Resolution=0; Threat=VBA/TrojanDownloader.Agent.JOA; + X-Virus-ID: Trojaner + X-Response-Info: Blocked ]] -- - if icap_headers['X-Infection-Found'] ~= nil then + if icap_headers['X-Infection-Found'] then local _,_,icap_type,_,icap_threat = icap_headers['X-Infection-Found']:find("Type=(.-); Resolution=(.-); Threat=(.-);$") 
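Review bot: The capture pattern under the changed `if icap_headers['X-Infection-Found'] then` line, `"Type=(.-); Resolution=(.-); Threat=(.-);$"`, requires a trailing semicolon, but the first Symantec sample in the comment block directly above it (`Threat=Container size violation`) has none. Because this is the first arm of an if/elseif chain, a header that is present but does not match leaves `icap_threat` nil and the `X-Virus-ID` and `X-FSecure-Scan-Result` arms are never consulted, so a positive verdict could be lost. The code that consumes the captures is outside this hunk, so that should be confirmed there. Making the terminator optional, `Threat=(.-);?$`, and logging a present-but-unparsed header would keep the scanner from failing open on a vendor format variation.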
@@ -229,12 +237,12 @@ local function icap_check(task, content, digest, rule) table.insert(threat_string, icap_threat) end - elseif icap_headers['X-Virus-ID'] ~= nil and icap_headers['X-Virus-ID'] ~= "no threats" then + elseif icap_headers['X-Virus-ID'] and icap_headers['X-Virus-ID'] ~= "no threats" then lua_util.debugm(rule.name, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID']) if string.find(icap_headers['X-Virus-ID'], ', ') then - local vnames = rspamd_str_split(string.gsub(icap_headers['X-Virus-ID'], "%s", ""), ',') or {} + local vnames = lua_util.rspamd_str_split(string.gsub(icap_headers['X-Virus-ID'], "%s", ""), ',') or {} for _,v in ipairs(vnames) do table.insert(threat_string, v) @@ -242,15 +250,15 @@ local function icap_check(task, content, digest, rule) else table.insert(threat_string, icap_headers['X-Virus-ID']) end - elseif icap_headers['X-FSecure-Scan-Result'] ~= nil and icap_headers['X-FSecure-Scan-Result'] ~= "clean" then + elseif icap_headers['X-FSecure-Scan-Result'] and icap_headers['X-FSecure-Scan-Result'] ~= "clean" then local infected_filename = "" local infection_name = "-unknown-" - if icap_headers['X-FSecure-Infected-Filename'] ~= nil then + if icap_headers['X-FSecure-Infected-Filename'] then infected_filename = string.gsub(icap_headers['X-FSecure-Infected-Filename'], '[%s"]', '') end - if icap_headers['X-FSecure-Infection-Name'] ~= nil then + if icap_headers['X-FSecure-Infection-Name'] then infection_name = string.gsub(icap_headers['X-FSecure-Infection-Name'], '[%s"]', '') end @@ -259,7 +267,7 @@ local function icap_check(task, content, digest, rule) rule.log_prefix, infection_name, infected_filename) if string.find(infection_name, ', ') then - local vnames = rspamd_str_split(infection_name, ',') or {} + local vnames = lua_util.rspamd_str_split(infection_name, ',') or {} for _,v in ipairs(vnames) do table.insert(threat_string, v) 
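Review bot: The split branch is still gated on `string.find(icap_headers['X-Virus-ID'], ', ')`, a comma followed by a space, so a server that answers `NameA,NameB` yields one combined threat name instead of two. In the F-Secure branch (the hunk at -259) the same test runs on `infection_name` after `string.gsub(..., '[%s"]', '')` has already removed all whitespace, so `', '` can never match and the corrected `lua_util.rspamd_str_split` call there is unreachable. Testing for the bare comma with a plain search, `string.find(infection_name, ',', 1, true)`, in both places would let the split actually run. Both branches begin and end outside these hunks.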
@@ -286,9 +294,9 @@ local function icap_check(task, content, digest, rule) local icap_headers = icap_result_header_table(result) or {} -- Find ICAP/1.x 2xx response - if icap_headers.icap ~= nil and string.find(icap_headers.icap, 'ICAP%/1%.. 2%d%d') then + if icap_headers.icap and string.find(icap_headers.icap, 'ICAP%/1%.. 2%d%d') then icap_parse_result(icap_headers) - elseif icap_headers.icap ~= nil and string.find(icap_headers.icap, 'ICAP%/1%.. [45]%d%d') then + elseif icap_headers.icap and string.find(icap_headers.icap, 'ICAP%/1%.. [45]%d%d') then -- Find ICAP/1.x 5/4xx response --[[ Symantec String: @@ -321,17 +329,17 @@ local function icap_check(task, content, digest, rule) else local icap_headers = icap_result_header_table(tostring(data)) - if icap_headers.icap ~= nil and string.find(icap_headers.icap, 'ICAP%/1%.. 2%d%d') then - if icap_headers['Methods'] ~= nil and string.find(icap_headers['Methods'], 'RESPMOD') then - if icap_headers['Allow'] ~= nil and string.find(icap_headers['Allow'], '204') then + if icap_headers.icap and string.find(icap_headers.icap, 'ICAP%/1%.. 2%d%d') then + if icap_headers['Methods'] and string.find(icap_headers['Methods'], 'RESPMOD') then + if icap_headers['Allow'] and string.find(icap_headers['Allow'], '204') then add_respond_header('Allow', '204') end - if icap_headers['Service'] ~= nil and string.find(icap_headers['Service'], 'IWSVA 6.5') then + if icap_headers['Service'] and string.find(icap_headers['Service'], 'IWSVA 6.5') then add_respond_header('Encapsulated', 'res-hdr=0 res-body=0') else add_respond_header('Encapsulated', 'res-body=0') end - if icap_headers['Server'] ~= nil and string.find(icap_headers['Server'], 'F-Secure ICAP Server') then + if icap_headers['Server'] and string.find(icap_headers['Server'], 'F-Secure ICAP Server') then local from = task:get_from('mime') local rcpt_to = task:get_principal_recipient() local client = task:get_from_ip() |
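Review bot: The status tests `'ICAP%/1%.. 2%d%d'` and `'ICAP%/1%.. [45]%d%d'` are unanchored and use a bare `.` for the minor version, so they match anywhere in `icap_headers.icap` and accept any character after `1.`. Assuming that field holds the raw status line (its construction is not visible here), anchoring it as `'^ICAP/1%.%d 2%d%d'` and `'^ICAP/1%.%d [45]%d%d'` keeps trailing reason text from being read as a status code. The same pattern is used on the first changed line of the OPTIONS handler in the next hunk. The handling of a response that matches neither arm is outside this hunk; it is worth confirming that it is reported as a scan failure rather than a clean result.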
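Review bot: `string.find(icap_headers['Server'], 'F-Secure ICAP Server')` treats its second argument as a Lua pattern, in which `F-` means "as few F as possible, including none". The hyphen is therefore never required, and any `Server` value containing `Secure ICAP Server` selects the F-Secure branch; the real banner matches only from its third character on. The `.` in `'IWSVA 6.5'` is likewise a wildcard. Both are literal product strings, so a plain search states the intent: `string.find(icap_headers['Server'], 'F-Secure ICAP Server', 1, true)` and `string.find(icap_headers['Service'], 'IWSVA 6.5', 1, true)`. The F-Secure branch continues past the end of this hunk.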