diff options
-rw-r--r-- | lualib/lua_scanners/init.lua | 1 | ||||
-rw-r--r-- | lualib/lua_scanners/vadesecure.lua | 87 | ||||
-rw-r--r-- | src/plugins/lua/external_services.lua | 20 |
3 files changed, 91 insertions, 17 deletions
diff --git a/lualib/lua_scanners/init.lua b/lualib/lua_scanners/init.lua index 0c2857e01..d56bf4c6d 100644 --- a/lualib/lua_scanners/init.lua +++ b/lualib/lua_scanners/init.lua @@ -41,6 +41,7 @@ require_scanner('sophos') require_scanner('dcc') require_scanner('oletools') require_scanner('icap') +require_scanner('vadesecure') exports.add_scanner = function(name, t, conf_func, check_func) assert(type(conf_func) == 'function' and type(check_func) == 'function', diff --git a/lualib/lua_scanners/vadesecure.lua b/lualib/lua_scanners/vadesecure.lua index 6f2124ccb..99ac19b30 100644 --- a/lualib/lua_scanners/vadesecure.lua +++ b/lualib/lua_scanners/vadesecure.lua @@ -31,10 +31,10 @@ local function vade_check(task, content, digest, rule) local function vade_url(addr) local url if rule.use_https then - url = string.format('https://%s:%d/%s', tostring(addr), + url = string.format('https://%s:%d%s', tostring(addr), rule.default_port, rule.url) else - url = string.format('http://%s:%d/%s', tostring(addr), + url = string.format('http://%s:%d%s', tostring(addr), rule.default_port, rule.url) end @@ -117,20 +117,21 @@ local function vade_check(task, content, digest, rule) -- Parse the response if upstream then upstream:ok() end if code ~= 200 then + rspamd_logger.errx(task, 'invalid HTTP code: %s, body: %s, headers: %s', code, body, headers) task:insert_result(rule.symbol_fail, 1.0, 'Bad HTTP code: ' .. code) return end local parser = ucl.parser() local ret, err = parser:parse_string(body) if not ret then - rspamd_logger.errx(task, 'Weird response body (raw): %s', body) + rspamd_logger.errx(task, 'vade: bad response body (raw): %s', body) task:insert_result(rule.symbol_fail, 1.0, 'Parser error: ' .. err) return end local obj = parser:get_object() local verdict = obj.verdict if not verdict then - rspamd_logger.errx(task, 'Weird response JSON: %s', obj) + rspamd_logger.errx(task, 'vade: bad response JSON (no verdict): %s', obj) task:insert_result(rule.symbol_fail, 1.0, 'No verdict/unknown verdict') return end @@ -142,7 +143,8 @@ local function vade_check(task, content, digest, rule) sym = rule.symbols.other end - if type(sym) == 'table' then + if not sym.symbol then + -- Subcategory match local lvl = 'low' if vparts and vparts[1] then lvl = vparts[1] @@ -166,13 +168,16 @@ local function vade_check(task, content, digest, rule) if rule.log_spamcause and obj.spamcause then rspamd_logger.infox(task, 'vadesecure returned verdict="%s", score=%s, spamcause="%s"', verdict, obj.score, obj.spamcause) + else + lua_util.debugm(rule.name, task, 'vadesecure returned verdict="%s", score=%s, spamcause="%s"', + verdict, obj.score, obj.spamcause) end if #vparts > 0 then table.insert(opts, 'verdict=' .. verdict .. ';' .. table.concat(vparts, ':')) end - task:insert_result(sym, 1.0, opts) + task:insert_result(sym.symbol, 1.0, opts) end end @@ -200,18 +205,68 @@ local function vade_config(opts) symbol_fail = 'VADE_FAIL', symbol = 'VADE_CHECK', symbols = { - clean = 'VADE_CLEAN', + clean = { + symbol = 'VADE_CLEAN', + score = -0.5, + description = 'VadeSecure decided message to be clean' + }, spam = { - high = 'VADE_SPAM_HIGH', - medium = 'VADE_SPAM_MEDIUM', - low = 'VADE_SPAM_LOW' + high = { + symbol = 'VADE_SPAM_HIGH', + score = 8.0, + description = 'VadeSecure decided message to be clearly spam' + }, + medium = { + symbol = 'VADE_SPAM_MEDIUM', + score = 5.0, + description = 'VadeSecure decided message to be highly likely spam' + }, + low = { + symbol = 'VADE_SPAM_LOW', + score = 2.0, + description = 'VadeSecure decided message to be likely spam' + }, + }, + malware = { + symbol = 'VADE_MALWARE', + score = 8.0, + description = 'VadeSecure decided message to be malware' + }, + scam = { + symbol = 'VADE_SCAM', + score = 7.0, + description = 'VadeSecure decided message to be scam' + }, + phishing = { + symbol = 'VADE_PHISHING', + score = 8.0, + description = 'VadeSecure decided message to be phishing' + }, + commercial = { + symbol = 'VADE_COMMERCIAL', + score = 0.0, + description = 'VadeSecure decided message to be commercial message' + }, + community = { + symbol = 'VADE_COMMUNITY', + score = 0.0, + description = 'VadeSecure decided message to be community message' + }, + transactional = { + symbol = 'VADE_TRANSACTIONAL', + score = 0.0, + description = 'VadeSecure decided message to be transactional message' + }, + suspect = { + symbol = 'VADE_SUSPECT', + score = 3.0, + description = 'VadeSecure decided message to be suspicious message' + }, + bounce = { + symbol = 'VADE_BOUNCE', + score = 0.0, + description = 'VadeSecure decided message to be bounce message' }, - malware = 'VADE_MALWARE', - scam = 'VADE_SCAM', - phishing = 'VADE_PHISHING', - ['commercial:dce'] = 'VADE_DCE', - suspect = 'VADE_SUSPECT', - bounce = 'VADE_BOUNCE', other = 'VADE_OTHER', } } diff --git a/src/plugins/lua/external_services.lua b/src/plugins/lua/external_services.lua index 6ee0535ba..c5889112f 100644 --- a/src/plugins/lua/external_services.lua +++ b/src/plugins/lua/external_services.lua @@ -251,7 +251,25 @@ if opts and type(opts) == 'table' then group = N }) elseif type(sym) == 'table' then - reg_symbols(sym) + if sym.symbol then + rspamd_config:register_symbol({ + type = 'virtual', + name = sym.symbol, + parent = id, + group = N + }) + + if sym.score then + rspamd_config:set_metric_symbol({ + name = sym.symbol, + score = sym.score, + description = sym.description, + group = sym.group or N, + }) + end + else + reg_symbols(sym) + end end end end |