authorCarsten Rosenberg <c.rosenberg@heinlein-support.de>2019-01-14 15:15:15 +0100
committerCarsten Rosenberg <c.rosenberg@heinlein-support.de>2019-01-14 15:15:15 +0100
commit8928bebaa3be80655836be2a92e714296564267c (patch)
treeee9559507ca164349976d5e2265140dc847b2ff6 /lualib
parentc2eaa5503fb6f5df753913b87e0b78e5beaa47d1 (diff)
[Minor] lua_scanners - oletools protocol, cache clean
Diffstat (limited to 'lualib')
-rw-r--r--lualib/lua_scanners/oletools.lua30
1 files changed, 17 insertions, 13 deletions
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index 6e1a0fcc1..1cf3e5f5a 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -35,6 +35,7 @@ local function oletools_check(task, content, digest, rule)
local upstream = rule.upstreams:get_upstream_round_robin()
local addr = upstream:get_addr()
local retransmits = rule.retransmits
+ local protocol = 'OLEFY/1.0\n'
local function oletools_callback(err, data, conn)
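Review bot: The new `protocol` local carries a wire-format literal with no comment, and the later hunks at old lines 63 and 199 prepend it to the attachment bytes in both send sites. A one-line comment above it would record the contract, for example `-- header line sent ahead of the raw attachment; must match the version the olefy daemon accepts`. The version string is hard-coded, so a daemon speaking a different version presumably only shows up as a parse or error response at runtime. The body of oletools_check continues outside this hunk.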
@@ -63,7 +64,7 @@ local function oletools_check(task, content, digest, rule)
port = addr:get_port(),
timeout = rule.timeout,
shutdown = true,
- data = content,
+ data = { protocol, content },
callback = oletools_callback,
})
else
@@ -107,13 +108,15 @@ local function oletools_check(task, content, digest, rule)
[9] = 'RETURN_ENCRYPTED',
}
- lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
- lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type'])
-
if result[1].error ~= nil then
rspamd_logger.errx(task, '%s: ERROR found: %s', rule.log_prefix,
result[1].error)
- oletools_requery()
+ if result[1].error == 'File too small' then
+ common.save_av_cache(task, digest, rule, 'OK')
+ common.log_clean(task, rule, 'File too small to be scanned for macros')
+ else
+ oletools_requery()
+ end
elseif result[3]['return_code'] == 9 then
rspamd_logger.warnx(task, '%s: File is encrypted.', rule.log_prefix)
elseif result[3]['return_code'] > 6 then
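Review bot: The `rspamd_logger.errx(task, '%s: ERROR found: %s', ...)` call still runs before the new `result[1].error == 'File too small'` comparison, so an outcome the code now treats as clean is logged at error level for every such attachment and then cached as `OK`. Moving that log call into the `else` branch beside `oletools_requery()` keeps the error log for real scanner failures. The clean verdict also hangs on an exact match of the scanner's message text, so a comment such as `-- scanner rejected the input as too small to scan; cached as clean rather than retried` would make this fail-open path explicit for the next reader. The enclosing function starts and ends outside the hunk.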
@@ -124,13 +127,13 @@ local function oletools_check(task, content, digest, rule)
rule.log_prefix, oletools_rc[result[3]['return_code']])
oletools_requery()
elseif result[2]['analysis'] == 'null' and #result[2]['macros'] == 0 then
- if rule.log_clean == true then
- rspamd_logger.infox(task, '%s: Scanned Macro is OK', rule.log_prefix)
- else
- lua_util.debugm(rule.module_name, task, '%s: No Macro found', rule.log_prefix)
- end
+ common.save_av_cache(task, digest, rule, 'OK')
+ common.log_clean(task, rule, 'No macro found')
elseif #result[2]['macros'] > 0 then
+ lua_util.debugm(rule.module_name, task, '%s: filename: %s', rule.log_prefix, result[2]['file'])
+ lua_util.debugm(rule.module_name, task, '%s: type: %s', rule.log_prefix, result[2]['type'])
+
for _,m in ipairs(result[2]['macros']) do
lua_util.debugm(rule.module_name, task, '%s: macros found - code: %s, ole_stream: %s, '..
'vba_filename: %s', rule.log_prefix, m.code, m.ole_stream, m.vba_filename)
@@ -183,8 +186,9 @@ local function oletools_check(task, content, digest, rule)
common.yield_result(task, rule, macro_keyword_table, rule.default_score)
common.save_av_cache(task, digest, rule, macro_keyword_table, rule.default_score)
- elseif rule.log_clean == true then
- rspamd_logger.infox(task, '%s: Scanned Macro is OK', rule.log_prefix)
+ else
+ common.save_av_cache(task, digest, rule, 'OK')
+ common.log_clean(task, rule, 'Scanned Macro is OK')
end
else
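Review bot: The bare `else` that replaces `elseif rule.log_clean == true` now calls `common.save_av_cache(task, digest, rule, 'OK')` for a document in which macros were found but which did not meet the condition above it, and that condition is outside this hunk. The clean verdict is stored under the digest and presumably reused until the entry expires, so if the condition depends on rule settings, a later configuration change would not re-evaluate these files. A comment stating this, or a cached value distinct from `'OK'` for "macros present, not flagged", would make the behaviour visible to whoever tunes the rule. How `common.log_clean` honours `rule.log_clean` is not shown here and is worth confirming, since the explicit check was removed.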
@@ -199,7 +203,7 @@ local function oletools_check(task, content, digest, rule)
port = addr:get_port(),
timeout = rule.timeout,
shutdown = true,
- data = content,
+ data = { protocol, content },
callback = oletools_callback,
})