diff options
author | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2019-01-26 10:27:31 +0100 |
---|---|---|
committer | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2019-01-26 10:27:31 +0100 |
commit | 193fc0d39126ed23c6fb622c8301aa1f7847ad5f (patch) | |
tree | 8a21d9a075adf008fb6f6f3647869755d2ca9e58 /lualib | |
parent | 8afab41b202cc9bdffc662f9f8a007f40d0fce52 (diff) | |
download | rspamd-193fc0d39126ed23c6fb622c8301aa1f7847ad5f.tar.gz rspamd-193fc0d39126ed23c6fb622c8301aa1f7847ad5f.zip |
[Minor] lua_scanners - icap - Kaspersky support (empty header, multiple viruses)
Diffstat (limited to 'lualib')
-rw-r--r-- | lualib/lua_scanners/icap.lua | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua index 300243337..801db72f6 100644 --- a/lualib/lua_scanners/icap.lua +++ b/lualib/lua_scanners/icap.lua @@ -44,8 +44,6 @@ local function icap_check(task, content, digest, rule) "Encapsulated: null-body=0\r\n\r\n", } local size = string.format("%x", tonumber(#content)) - lua_util.debugm(rule.name, task, '%s: size: %s', - rule.log_prefix, size) local function get_respond_query() table.insert(respond_headers, 1, @@ -69,8 +67,8 @@ local function icap_check(task, content, digest, rule) if string.find(s, '^ICAP') then icap_headers['icap'] = s end - if string.find(s, '[%a%d-+]-: ') then - local _,_,key,value = tostring(s):find("([%a%d-+]-):%s(.+)") + if string.find(s, '[%a%d-+]-:') then + local _,_,key,value = tostring(s):find("([%a%d-+]-):%s?(.+)") icap_headers[key] = value end end @@ -94,6 +92,14 @@ local function icap_check(task, content, digest, rule) X-Infection-Found: Type=2; Resolution=2; Threat=Encrypted container violation; Sophos Strings: X-Virus-ID: Troj/DocDl-OYC + Kaspersky Strings: + X-Virus-ID: HEUR:Backdoor.Java.QRat.gen + X-Response-Info: blocked + + X-Virus-ID: no threats + X-Response-Info: blocked + + X-Response-Info: passed ]] -- if icap_headers['X-Infection-Found'] ~= nil then @@ -111,10 +117,19 @@ local function icap_check(task, content, digest, rule) table.insert(threat_string, icap_threat) end - elseif icap_headers['X-Virus-ID'] ~= nil then + elseif icap_headers['X-Virus-ID'] ~= nil and icap_headers['X-Virus-ID'] ~= "no threats" then lua_util.debugm(rule.name, task, '%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID']) - table.insert(threat_string, icap_headers['X-Virus-ID']) + + if string.find(icap_headers['X-Virus-ID'], ', ') then + local vnames = rspamd_str_split(string.gsub(icap_headers['X-Virus-ID'], "%s", ""), ',') or {} + + for _,v in ipairs(vnames) do + table.insert(threat_string, v) + end + else + table.insert(threat_string, icap_headers['X-Virus-ID']) + end end if #threat_string > 0 then |