authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-04-09 13:20:16 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-04-09 13:20:16 +0100
commit6614b861a4b0ad518fae972ed509c7d8a983ebf7 (patch)
tree7b84b83f779e06e9563afb5b3863cb3a48c96f6b /lualib
parent530e595772bf0a1aa9d8be715da6ab4987d4ecae (diff)
[Feature] Antivirus: Handle encrypted files specially
Diffstat (limited to 'lualib')
-rw-r--r--lualib/lua_scanners/clamav.lua2
-rw-r--r--lualib/lua_scanners/common.lua5
2 files changed, 6 insertions, 1 deletions
diff --git a/lualib/lua_scanners/clamav.lua b/lualib/lua_scanners/clamav.lua
index b3a1b20f2..1ff3cdc4f 100644
--- a/lualib/lua_scanners/clamav.lua
+++ b/lualib/lua_scanners/clamav.lua
@@ -138,7 +138,7 @@ local function clamav_check(task, content, digest, rule)
local vname = string.match(data, 'stream: (.+) FOUND')
if string.find(vname, '^Heuristics%.Encrypted') then
rspamd_logger.errx(task, '%s: File is encrypted', rule.log_prefix)
- common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'fail')
+ common.yield_result(task, rule, 'File is encrypted: '.. vname, 0.0, 'encrypted')
elseif string.find(vname, '^Heuristics%.Limits%.Exceeded') then
rspamd_logger.errx(task, '%s: ClamAV Limits Exceeded', rule.log_prefix)
common.yield_result(task, rule, 'Limits Exceeded: '.. vname, 0.0, 'fail')
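Review bot: The `0.0` weight passed with `'encrypted'` on the changed line has no effect, because the new branch in `yield_result` (the common.lua hunk of this commit) overwrites `dyn_weight` with `1.0`. Passing the value that is actually used, `common.yield_result(task, rule, 'File is encrypted: '.. vname, 1.0, 'encrypted')`, keeps the call site accurate for anyone tuning how encrypted attachments are scored. The message is still logged through `rspamd_logger.errx` although the result is no longer reported as a scanner failure, so the log level may deserve a second look. `clamav_check` starts and ends outside the hunk.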
diff --git a/lualib/lua_scanners/common.lua b/lualib/lua_scanners/common.lua
index 9bf2adf44..f35ee372d 100644
--- a/lualib/lua_scanners/common.lua
+++ b/lualib/lua_scanners/common.lua
@@ -79,6 +79,11 @@ local function yield_result(task, rule, vname, dyn_weight, is_fail)
symbol = rule.symbol_fail
threat_info = "FAILED with error"
dyn_weight = 0.0
+ elseif is_fail == 'encrypted' then
+ patterns = rule.patterns
+ symbol = rule.symbol_encrypted
+ threat_info = "Scan has returned that input was encrypted"
+ dyn_weight = 1.0
end
if type(vname) == 'string' then
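Review bot: The new `'encrypted'` branch reads `rule.symbol_encrypted`, and neither file in this diff sets or defaults that field. The diffstat is limited to `lualib`, so the field may be registered elsewhere, but a rule without it would presumably reach the result insertion with a nil symbol. An encrypted attachment is content the scanner could not inspect, so losing that marker silently is worth guarding against, for example with `symbol = rule.symbol_encrypted or rule.symbol_fail`. The fifth parameter is still named `is_fail` although it now selects between `'fail'` and `'encrypted'`; a comment such as `-- is_fail: 'fail' = scanner error, 'encrypted' = content could not be inspected` would document that. `yield_result` continues outside the hunk.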