authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-10-08 11:42:44 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-10-08 11:42:44 +0100
commit19598026fd121cc6b9aa2bd4eda14b5ebf616866 (patch)
tree9227755b7bdd253cb8f9dcc31b0ad1ffb6fb0c6d /lualib/lua_scanners
parentac9751f06a1fd97d264772b294c4c4de3728fee9 (diff)
[Feature] Improve AV results caching
Diffstat (limited to 'lualib/lua_scanners')
-rw-r--r--lualib/lua_scanners/common.lua18
1 files changed, 15 insertions, 3 deletions
diff --git a/lualib/lua_scanners/common.lua b/lualib/lua_scanners/common.lua
index 103fce142..d46dadab5 100644
--- a/lualib/lua_scanners/common.lua
+++ b/lualib/lua_scanners/common.lua
@@ -84,6 +84,11 @@ local function yield_result(task, rule, vname, dyn_weight, is_fail)
symbol = rule.symbol_encrypted
threat_info = "Scan has returned that input was encrypted"
dyn_weight = 1.0
+ elseif is_fail == 'macro' then
+ patterns = rule.patterns
+ symbol = rule.symbol_macro
+ threat_info = "Scan has returned that input contains macros"
+ dyn_weight = 1.0
end
if type(vname) == 'string' then
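Review bot: The new `'macro'` branch reads `rule.symbol_macro` without checking that the rule defines it; if a scanner configuration lacks that key, `symbol` is nil when the result is inserted later (that code is outside the hunk, so this is inferred). Validate the key when the rule is loaded and record the requirement next to the branch, e.g. `-- requires rule.symbol_macro to be set by the scanner config`. The branch also forces `dyn_weight = 1.0`, as the `'encrypted'` branch above it does, so the `0.0` that the cached-result path in `need_check` passes for both cases is never used; passing `1.0` there would make the intent clear. `yield_result` begins and ends outside this hunk.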
@@ -198,9 +203,16 @@ local function need_check(task, content, rule, digest, fn)
local threat_string = lua_util.str_split(data[1], '\v')
local score = data[2] or rule.default_score
if threat_string[1] ~= 'OK' then
- lua_util.debugm(rule.name, task, '%s: got cached threat result for %s: %s - score: %s',
- rule.log_prefix, key, threat_string[1], score)
- yield_result(task, rule, threat_string, score)
+ if threat_string[1] == 'MACRO' then
+ yield_result(task, rule, 'File contains macros', 0.0, 'macro')
+ elseif threat_string[1] == 'ENCRYPTED' then
+ yield_result(task, rule, 'File is encrypted', 0.0, 'encrypted')
+ else
+ lua_util.debugm(rule.name, task, '%s: got cached threat result for %s: %s - score: %s',
+ rule.log_prefix, key, threat_string[1], score)
+ yield_result(task, rule, threat_string, score)
+ end
+
else
lua_util.debugm(rule.name, task, '%s: got cached negative result for %s: %s',
rule.log_prefix, key, threat_string[1])
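Review bot: The first field of the cached value is compared against the bare literals `'MACRO'` and `'ENCRYPTED'`, which occupy the same slot as engine-reported threat names; a scanner that reports a signature with exactly one of those names would be replayed from cache as a macro/encrypted notice instead of a threat. The code that writes these markers is not part of this diff, so a shared module-level constant or a reserved prefix used by both writer and reader would keep the two sides in sync. The two new branches also skip the `lua_util.debugm` call, so cached macro/encrypted hits leave no debug trace; adding `lua_util.debugm(rule.name, task, '%s: got cached %s result for %s', rule.log_prefix, threat_string[1], key)` before the `if` chain would cover every non-OK case. `need_check` continues outside the hunk.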