[Project] Recognize KAS SE response codes

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2019-10-05 14:33:41 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2019-10-05 14:33:41 +0100
commit: 59e4f4a5c429b509ddb424624f918d963e2287d9 (patch)
tree: 3a3eca37bccf9e4be68c6b7e22e34b9dd626df51 /lualib/lua_scanners
parent: 068df5296c8b6e2b9ed87b17980484c1723653b3 (diff)
download: rspamd-59e4f4a5c429b509ddb424624f918d963e2287d9.tar.gz
rspamd-59e4f4a5c429b509ddb424624f918d963e2287d9.zip
1 files changed, 39 insertions, 1 deletions
diff --git a/lualib/lua_scanners/kaspersky_se.lua b/lualib/lua_scanners/kaspersky_se.lua
index f59cafa47..b1a35f101 100644
--- a/lualib/lua_scanners/kaspersky_se.lua
+++ b/lualib/lua_scanners/kaspersky_se.lua
@@ -204,7 +204,45 @@ local function kaspersky_se_check(task, content, digest, rule)
           task:insert_result(rule.symbol_fail, 1.0, 'Bad HTTP code: ' .. code)
           return
         end
-        rspamd_logger.errx(task, 'got reply: %s', body)
+        lua_util.debugm(rule.name, task, 'got reply: %s', body)
+        local data = tostring(body)
+        local cached
+        lua_util.debugm(rule.name, task, '%s: got reply: %s',
+            rule.log_prefix, data)
+        if data == 'CLEAN' then
+          cached = 'CLEAN'
+          if rule['log_clean'] then
+            rspamd_logger.infox(task, '%s: message or mime_part is clean',
+                rule.log_prefix)
+          else
+            lua_util.debugm(rule.name, task, '%s: message or mime_part is clean',
+                rule.log_prefix)
+          end
+        elseif data == 'SERVER_ERROR' then
+          rspamd_logger.errx(task, '%s: error: %s', rule.log_prefix, data)
+          common.yield_result(task, rule, 'error:' .. data,
+              0.0, 'fail')
+        elseif string.match(data, 'DETECT (.+)') then
+          local vname = string.match(data, 'DETECT (.+)')
+          common.yield_result(task, rule, vname)
+          cached = vname
+        elseif string.match(data, 'NON_SCANNED %((.+)%)') then
+          local why = string.match(data, 'NON_SCANNED %((.+)%)')
+
+          if why == 'PASSWORD PROTECTED' then
+            rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)
+            common.yield_result(task, rule, 'File is encrypted: '.. why,
+                0.0, 'encrypted')
+          else
+            common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail')
+          end
+        else
+          rspamd_logger.errx(task, '%s: unhandled response: %s', rule.log_prefix, data)
+          common.yield_result(task, rule, 'unhandled response:' .. data, 0.0, 'fail')
+        end
+          if cached then
+          common.save_cache(task, digest, rule, cached)
+          end
 
       end
     end
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2019-10-05 14:33:41 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2019-10-05 14:33:41 +0100
commit	59e4f4a5c429b509ddb424624f918d963e2287d9 (patch)
tree	3a3eca37bccf9e4be68c6b7e22e34b9dd626df51 /lualib/lua_scanners
parent	068df5296c8b6e2b9ed87b17980484c1723653b3 (diff)
download	rspamd-59e4f4a5c429b509ddb424624f918d963e2287d9.tar.gz rspamd-59e4f4a5c429b509ddb424624f918d963e2287d9.zip