diff options
author | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2019-01-13 15:15:36 +0100 |
---|---|---|
committer | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2019-01-13 15:15:36 +0100 |
commit | 33445bb71561b9d70f5fafbf890d0706b79f0250 (patch) | |
tree | 3191b12276a2a9d8d8bf560847fb83501abefac2 /lualib/lua_scanners/oletools.lua | |
parent | 458cae13353f8daa2808f038a674dee96e7bfbbf (diff) | |
download | rspamd-33445bb71561b9d70f5fafbf890d0706b79f0250.tar.gz rspamd-33445bb71561b9d70f5fafbf890d0706b79f0250.zip |
[Minor] lua_scanners - olefy - small changes
Diffstat (limited to 'lualib/lua_scanners/oletools.lua')
-rw-r--r-- | lualib/lua_scanners/oletools.lua | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua index 97e0172ca..fd2775775 100644 --- a/lualib/lua_scanners/oletools.lua +++ b/lualib/lua_scanners/oletools.lua @@ -17,7 +17,8 @@ limitations under the License. --[[[ -- @module oletools --- This module contains oletools access functions +-- This module contains oletools access functions. +-- Olefy is needed: https://github.com/HeinleinSupport/olefy --]] local lua_util = require "lua_util" @@ -61,7 +62,7 @@ local function oletools_check(task, content, digest, rule) task = task, host = addr:to_string(), port = addr:get_port(), - timeout = rule['timeout'], + timeout = rule.timeout, shutdown = true, data = content, callback = oletools_callback, @@ -69,7 +70,7 @@ local function oletools_check(task, content, digest, rule) else rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits '.. 'exceed', rule.log_prefix) - task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and '.. + task:insert_result(rule.symbol_fail, 0.0, 'failed to scan and '.. 'retransmits exceed') end end @@ -107,7 +108,6 @@ local function oletools_check(task, content, digest, rule) [9] = 'RETURN_ENCRYPTED', } - --lua_util.debugm(rule.module_name, task, '%s: result: %s', rule.log_prefix, result) lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file']) lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type']) @@ -170,6 +170,7 @@ local function oletools_check(task, content, digest, rule) end lua_util.debugm(rule.module_name, task, '%s: extended: %s', rule.log_prefix, rule.extended) + if rule.extended == false and macro_autoexec and macro_suspicious then lua_util.debugm(rule.module_name, task, '%s: found macro_autoexec and '.. @@ -197,7 +198,7 @@ local function oletools_check(task, content, digest, rule) task = task, host = addr:to_string(), port = addr:get_port(), - timeout = rule['timeout'], + timeout = rule.timeout, shutdown = true, data = content, callback = oletools_callback, @@ -224,7 +225,7 @@ local function oletools_config(opts) timeout = 15.0, log_clean = false, retransmits = 2, - cache_expire = 7200, -- expire redis in 2h + cache_expire = 86400, -- expire redis in 1d message = '${SCANNER}: Oletools threat message found: "${VIRUS}"', detection_category = "office macro", default_score = 1, @@ -267,7 +268,7 @@ local function oletools_config(opts) end return { - type = {module_name,'office macro scanner', 'hash', 'scanner'}, + type = {module_name,'attachment scanner', 'hash', 'scanner'}, description = 'oletools office macro scanner', configure = oletools_config, check = oletools_check, |