aboutsummaryrefslogtreecommitdiffstats
path: root/lualib
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-01-18 14:55:00 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-01-18 14:55:00 +0000
commitc361d5a35f5e64d3ea429f6358cdc078c29a15c8 (patch)
treeba97e3b0d8966e81b68510e8be92654759fdfd50 /lualib
parentdd4ad1e446ebd8e804bd14714e3a4c565a8ddece (diff)
downloadrspamd-c361d5a35f5e64d3ea429f6358cdc078c29a15c8.tar.gz
rspamd-c361d5a35f5e64d3ea429f6358cdc078c29a15c8.zip
[Minor] Lua_scanners: Various fixes in VadeSecure plugin
Diffstat (limited to 'lualib')
-rw-r--r--lualib/lua_scanners/init.lua1
-rw-r--r--lualib/lua_scanners/vadesecure.lua87
2 files changed, 72 insertions, 16 deletions
diff --git a/lualib/lua_scanners/init.lua b/lualib/lua_scanners/init.lua
index 0c2857e01..d56bf4c6d 100644
--- a/lualib/lua_scanners/init.lua
+++ b/lualib/lua_scanners/init.lua
@@ -41,6 +41,7 @@ require_scanner('sophos')
require_scanner('dcc')
require_scanner('oletools')
require_scanner('icap')
+require_scanner('vadesecure')
exports.add_scanner = function(name, t, conf_func, check_func)
assert(type(conf_func) == 'function' and type(check_func) == 'function',
diff --git a/lualib/lua_scanners/vadesecure.lua b/lualib/lua_scanners/vadesecure.lua
index 6f2124ccb..99ac19b30 100644
--- a/lualib/lua_scanners/vadesecure.lua
+++ b/lualib/lua_scanners/vadesecure.lua
@@ -31,10 +31,10 @@ local function vade_check(task, content, digest, rule)
local function vade_url(addr)
local url
if rule.use_https then
- url = string.format('https://%s:%d/%s', tostring(addr),
+ url = string.format('https://%s:%d%s', tostring(addr),
rule.default_port, rule.url)
else
- url = string.format('http://%s:%d/%s', tostring(addr),
+ url = string.format('http://%s:%d%s', tostring(addr),
rule.default_port, rule.url)
end
@@ -117,20 +117,21 @@ local function vade_check(task, content, digest, rule)
-- Parse the response
if upstream then upstream:ok() end
if code ~= 200 then
+ rspamd_logger.errx(task, 'invalid HTTP code: %s, body: %s, headers: %s', code, body, headers)
task:insert_result(rule.symbol_fail, 1.0, 'Bad HTTP code: ' .. code)
return
end
local parser = ucl.parser()
local ret, err = parser:parse_string(body)
if not ret then
- rspamd_logger.errx(task, 'Weird response body (raw): %s', body)
+ rspamd_logger.errx(task, 'vade: bad response body (raw): %s', body)
task:insert_result(rule.symbol_fail, 1.0, 'Parser error: ' .. err)
return
end
local obj = parser:get_object()
local verdict = obj.verdict
if not verdict then
- rspamd_logger.errx(task, 'Weird response JSON: %s', obj)
+ rspamd_logger.errx(task, 'vade: bad response JSON (no verdict): %s', obj)
task:insert_result(rule.symbol_fail, 1.0, 'No verdict/unknown verdict')
return
end
@@ -142,7 +143,8 @@ local function vade_check(task, content, digest, rule)
sym = rule.symbols.other
end
- if type(sym) == 'table' then
+ if not sym.symbol then
+ -- Subcategory match
local lvl = 'low'
if vparts and vparts[1] then
lvl = vparts[1]
@@ -166,13 +168,16 @@ local function vade_check(task, content, digest, rule)
if rule.log_spamcause and obj.spamcause then
rspamd_logger.infox(task, 'vadesecure returned verdict="%s", score=%s, spamcause="%s"',
verdict, obj.score, obj.spamcause)
+ else
+ lua_util.debugm(rule.name, task, 'vadesecure returned verdict="%s", score=%s, spamcause="%s"',
+ verdict, obj.score, obj.spamcause)
end
if #vparts > 0 then
table.insert(opts, 'verdict=' .. verdict .. ';' .. table.concat(vparts, ':'))
end
- task:insert_result(sym, 1.0, opts)
+ task:insert_result(sym.symbol, 1.0, opts)
end
end
@@ -200,18 +205,68 @@ local function vade_config(opts)
symbol_fail = 'VADE_FAIL',
symbol = 'VADE_CHECK',
symbols = {
- clean = 'VADE_CLEAN',
+ clean = {
+ symbol = 'VADE_CLEAN',
+ score = -0.5,
+ description = 'VadeSecure decided message to be clean'
+ },
spam = {
- high = 'VADE_SPAM_HIGH',
- medium = 'VADE_SPAM_MEDIUM',
- low = 'VADE_SPAM_LOW'
+ high = {
+ symbol = 'VADE_SPAM_HIGH',
+ score = 8.0,
+ description = 'VadeSecure decided message to be clearly spam'
+ },
+ medium = {
+ symbol = 'VADE_SPAM_MEDIUM',
+ score = 5.0,
+ description = 'VadeSecure decided message to be highly likely spam'
+ },
+ low = {
+ symbol = 'VADE_SPAM_LOW',
+ score = 2.0,
+ description = 'VadeSecure decided message to be likely spam'
+ },
+ },
+ malware = {
+ symbol = 'VADE_MALWARE',
+ score = 8.0,
+ description = 'VadeSecure decided message to be malware'
+ },
+ scam = {
+ symbol = 'VADE_SCAM',
+ score = 7.0,
+ description = 'VadeSecure decided message to be scam'
+ },
+ phishing = {
+ symbol = 'VADE_PHISHING',
+ score = 8.0,
+ description = 'VadeSecure decided message to be phishing'
+ },
+ commercial = {
+ symbol = 'VADE_COMMERCIAL',
+ score = 0.0,
+ description = 'VadeSecure decided message to be commercial message'
+ },
+ community = {
+ symbol = 'VADE_COMMUNITY',
+ score = 0.0,
+ description = 'VadeSecure decided message to be community message'
+ },
+ transactional = {
+ symbol = 'VADE_TRANSACTIONAL',
+ score = 0.0,
+ description = 'VadeSecure decided message to be transactional message'
+ },
+ suspect = {
+ symbol = 'VADE_SUSPECT',
+ score = 3.0,
+ description = 'VadeSecure decided message to be suspicious message'
+ },
+ bounce = {
+ symbol = 'VADE_BOUNCE',
+ score = 0.0,
+ description = 'VadeSecure decided message to be bounce message'
},
- malware = 'VADE_MALWARE',
- scam = 'VADE_SCAM',
- phishing = 'VADE_PHISHING',
- ['commercial:dce'] = 'VADE_DCE',
- suspect = 'VADE_SUSPECT',
- bounce = 'VADE_BOUNCE',
other = 'VADE_OTHER',
}
}