author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-06-04 16:44:18 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-06-04 16:44:18 +0100 |
commit | 6bd3e2b9f49d1de3ab882aeca9c30bc7d526ac9d (patch) | |
tree | 8f3f5c5c5ba0607af7780e64c476e8afb613c444 /lualib | |
parent | dadcf06ba9f973fb46cad33bb14b629e11d42e94 (diff) | |
[Minor] Oletools: Sort cat table
Diffstat (limited to 'lualib')
-rw-r--r-- | lualib/lua_scanners/oletools.lua | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua index 80576fa0b..b221a020c 100644 --- a/lualib/lua_scanners/oletools.lua +++ b/lualib/lua_scanners/oletools.lua @@ -171,14 +171,15 @@ local function oletools_check(task, content, digest, rule) -- M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, -- H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings + -- Keep sorted to avoid dragons local analysis_cat_table = { - macro_exist = '-', autoexec = '-', - suspicious = '-', - iocs = '-', - hex = '-', base64 = '-', dridex = '-', + hex = '-', + iocs = '-', + macro_exist = '-', + suspicious = '-', vba = '-' } local analysis_keyword_table = {} @@ -300,8 +301,9 @@ local function oletools_check(task, content, digest, rule) elseif rule.extended == true and #analysis_keyword_table > 0 then -- report any flags (types) and any most keywords as individual virus name - - table.insert(analysis_keyword_table, 1, table.concat(lua_util.values(analysis_cat_table))) + local analysis_cat_table_values = lua_util.values(analysis_cat_table) + table.sort(analysis_cat_table_values) + table.insert(analysis_keyword_table, 1, table.concat(analysis_cat_table_values)) lua_util.debugm(rule.name, task, '%s: extended threat result: %s', rule.log_prefix, table.concat(analysis_keyword_table, ',')) |
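Review bot: The added comment `-- Keep sorted to avoid dragons` on `analysis_cat_table` does not say what depends on the order. In Lua the order of fields in a table constructor does not determine the order in which string keys are visited during iteration, so the alphabetical layout alone cannot make the output stable. I would state the reason explicitly, for example `-- Keys are alphabetical for readability; iteration order over this table is unspecified, so the flag string is ordered where it is built`. The table sits inside oletools_check, which starts and ends outside the hunk.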
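Review bot: `table.sort(analysis_cat_table_values)` orders the flag characters by value rather than by category, so the first element of the extended result is deterministic but no longer positional. Assuming the values are '-' or the letters listed in the comment above the table (the assignments are outside this hunk), the dashes would normally collect at the front and the letters follow alphabetically. Any rule or log consumer that matches on this string in the M/A/S/I/H/B/D/V order would then miss or misread results. If the positional form is wanted, walking a fixed key list instead of sorting the values keeps both properties, as sketched below. oletools_check starts and ends outside the hunk.

```lua
-- … unchanged: elseif branch header and its comment …
local analysis_cat_order = { 'macro_exist', 'autoexec', 'suspicious', 'iocs',
                             'hex', 'base64', 'dridex', 'vba' }
local analysis_cat_flags = {}
for _, cat in ipairs(analysis_cat_order) do
  analysis_cat_flags[#analysis_cat_flags + 1] = analysis_cat_table[cat]
end
table.insert(analysis_keyword_table, 1, table.concat(analysis_cat_flags))
-- … unchanged: lua_util.debugm call …
```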