authorCarsten Rosenberg <c.rosenberg@heinlein-support.de>2019-01-13 15:15:36 +0100
committerCarsten Rosenberg <c.rosenberg@heinlein-support.de>2019-01-13 15:15:36 +0100
commit33445bb71561b9d70f5fafbf890d0706b79f0250 (patch)
tree3191b12276a2a9d8d8bf560847fb83501abefac2 /lualib/lua_scanners/oletools.lua
parent458cae13353f8daa2808f038a674dee96e7bfbbf (diff)
[Minor] lua_scanners - olefy - small changes
Diffstat (limited to 'lualib/lua_scanners/oletools.lua')
-rw-r--r--lualib/lua_scanners/oletools.lua15
1 files changed, 8 insertions, 7 deletions
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index 97e0172ca..fd2775775 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -17,7 +17,8 @@ limitations under the License.
--[[[
-- @module oletools
--- This module contains oletools access functions
+-- This module contains oletools access functions.
+-- Olefy is needed: https://github.com/HeinleinSupport/olefy
--]]
local lua_util = require "lua_util"
@@ -61,7 +62,7 @@ local function oletools_check(task, content, digest, rule)
task = task,
host = addr:to_string(),
port = addr:get_port(),
- timeout = rule['timeout'],
+ timeout = rule.timeout,
shutdown = true,
data = content,
callback = oletools_callback,
@@ -69,7 +70,7 @@ local function oletools_check(task, content, digest, rule)
else
rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits '..
'exceed', rule.log_prefix)
- task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and '..
+ task:insert_result(rule.symbol_fail, 0.0, 'failed to scan and '..
'retransmits exceed')
end
end
@@ -107,7 +108,6 @@ local function oletools_check(task, content, digest, rule)
[9] = 'RETURN_ENCRYPTED',
}
- --lua_util.debugm(rule.module_name, task, '%s: result: %s', rule.log_prefix, result)
lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type'])
@@ -170,6 +170,7 @@ local function oletools_check(task, content, digest, rule)
end
lua_util.debugm(rule.module_name, task, '%s: extended: %s', rule.log_prefix, rule.extended)
+
if rule.extended == false and macro_autoexec and macro_suspicious then
lua_util.debugm(rule.module_name, task, '%s: found macro_autoexec and '..
@@ -197,7 +198,7 @@ local function oletools_check(task, content, digest, rule)
task = task,
host = addr:to_string(),
port = addr:get_port(),
- timeout = rule['timeout'],
+ timeout = rule.timeout,
shutdown = true,
data = content,
callback = oletools_callback,
@@ -224,7 +225,7 @@ local function oletools_config(opts)
timeout = 15.0,
log_clean = false,
retransmits = 2,
- cache_expire = 7200, -- expire redis in 2h
+ cache_expire = 86400, -- expire redis in 1d
message = '${SCANNER}: Oletools threat message found: "${VIRUS}"',
detection_category = "office macro",
default_score = 1,
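Review bot: The changed `cache_expire = 86400` line lengthens how long a cached scan verdict is reused from two hours to a day, and its comment does not mention the detection trade-off. The cache code is not in this hunk, but if results are stored per attachment digest (the scanner's type list includes 'hash') and clean verdicts are cached as well, a document judged clean before an olefy/oletools update would keep that verdict for up to 24 hours. I would spell this out next to the default, e.g. `cache_expire = 86400, -- expire redis in 1d; cached verdicts (clean ones too) are reused until then`, so operators know to lower it if they need faster re-evaluation. The defaults table and oletools_config itself begin and end outside the hunk.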
@@ -267,7 +268,7 @@ local function oletools_config(opts)
end
return {
- type = {module_name,'office macro scanner', 'hash', 'scanner'},
+ type = {module_name,'attachment scanner', 'hash', 'scanner'},
description = 'oletools office macro scanner',
configure = oletools_config,
check = oletools_check,