aboutsummaryrefslogtreecommitdiffstats
path: root/lualib
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2020-06-04 16:44:18 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2020-06-04 16:44:18 +0100
commit6bd3e2b9f49d1de3ab882aeca9c30bc7d526ac9d (patch)
tree8f3f5c5c5ba0607af7780e64c476e8afb613c444 /lualib
parentdadcf06ba9f973fb46cad33bb14b629e11d42e94 (diff)
downloadrspamd-6bd3e2b9f49d1de3ab882aeca9c30bc7d526ac9d.tar.gz
rspamd-6bd3e2b9f49d1de3ab882aeca9c30bc7d526ac9d.zip
[Minor] Oletools: Sort cat table
Diffstat (limited to 'lualib')
-rw-r--r--lualib/lua_scanners/oletools.lua14
1 files changed, 8 insertions, 6 deletions
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index 80576fa0b..b221a020c 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -171,14 +171,15 @@ local function oletools_check(task, content, digest, rule)
-- M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs,
-- H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings
+ -- Keep sorted to avoid dragons
local analysis_cat_table = {
- macro_exist = '-',
autoexec = '-',
- suspicious = '-',
- iocs = '-',
- hex = '-',
base64 = '-',
dridex = '-',
+ hex = '-',
+ iocs = '-',
+ macro_exist = '-',
+ suspicious = '-',
vba = '-'
}
local analysis_keyword_table = {}
@@ -300,8 +301,9 @@ local function oletools_check(task, content, digest, rule)
elseif rule.extended == true and #analysis_keyword_table > 0 then
-- report any flags (types) and any most keywords as individual virus name
-
- table.insert(analysis_keyword_table, 1, table.concat(lua_util.values(analysis_cat_table)))
+ local analysis_cat_table_values = lua_util.values(analysis_cat_table)
+ table.sort(analysis_cat_table_values)
+ table.insert(analysis_keyword_table, 1, table.concat(analysis_cat_table_values))
lua_util.debugm(rule.name, task, '%s: extended threat result: %s',
rule.log_prefix, table.concat(analysis_keyword_table, ','))