Diffstat (limited to 'lualib/lua_scanners')
-rw-r--r-- | lualib/lua_scanners/dcc.lua | 112 | ||||
-rw-r--r-- | lualib/lua_scanners/icap.lua | 117 | ||||
-rw-r--r-- | lualib/lua_scanners/oletools.lua | 112 | ||||
-rw-r--r-- | lualib/lua_scanners/spamassassin.lua | 112 | ||||
-rw-r--r-- | lualib/lua_scanners/vadesecure.lua | 247 |
5 files changed, 349 insertions, 351 deletions
diff --git a/lualib/lua_scanners/dcc.lua b/lualib/lua_scanners/dcc.lua index 9043391d2..e26e666f9 100644 --- a/lualib/lua_scanners/dcc.lua +++ b/lualib/lua_scanners/dcc.lua @@ -29,6 +29,62 @@ local fun = require "fun" local N = 'dcc' +local function dcc_config(opts) + + local dcc_conf = { + name = N, + default_port = 10045, + timeout = 5.0, + log_clean = false, + retransmits = 2, + cache_expire = 7200, -- expire redis in 2h + message = '${SCANNER}: bulk message found: "${VIRUS}"', + detection_category = "hash", + default_score = 1, + action = false, + client = '0.0.0.0', + symbol_fail = 'DCC_FAIL', + symbol = 'DCC_REJECT', + symbol_bulk = 'DCC_BULK', + body_max = 999999, + fuz1_max = 999999, + fuz2_max = 999999, + } + + dcc_conf = lua_util.override_defaults(dcc_conf, opts) + + if not dcc_conf.prefix then + dcc_conf.prefix = 'rs_' .. dcc_conf.name .. '_' + end + + if not dcc_conf.log_prefix then + dcc_conf.log_prefix = dcc_conf.name + end + + if not dcc_conf.servers and dcc_conf.socket then + dcc_conf.servers = dcc_conf.socket + end + + if not dcc_conf.servers then + rspamd_logger.errx(rspamd_config, 'no servers defined') + + return nil + end + + dcc_conf.upstreams = upstream_list.create(rspamd_config, + dcc_conf.servers, + dcc_conf.default_port) + + if dcc_conf.upstreams then + lua_util.add_debug_alias('external_services', dcc_conf.name) + return dcc_conf + end + + rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', + dcc_conf['servers']) + return nil +end + local function dcc_check(task, content, digest, rule) local function dcc_check_uncached () local upstream = rule.upstreams:get_upstream_round_robin() 
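Review bot: Both failure paths in `dcc_config` return nil after logging a message that does not say which scanner failed: `'no servers defined'` and `'cannot parse servers %s'` carry no rule name. If a nil return means the rule is dropped, as it appears to, mail stops being checked by this service and the log line is the only signal the operator gets. I would write `rspamd_logger.errx(rspamd_config, '%s: no servers defined', dcc_conf.log_prefix)` and do the same for the parse error, since `log_prefix` is already set by that point. The same two messages appear in `icap_config`, `oletools_config`, `spamassassin_config` and `vade_config` in this commit.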
@@ -258,62 +314,6 @@ local function dcc_check(task, content, digest, rule) end end -local function dcc_config(opts) - - local dcc_conf = { - name = N, - default_port = 10045, - timeout = 5.0, - log_clean = false, - retransmits = 2, - cache_expire = 7200, -- expire redis in 2h - message = '${SCANNER}: bulk message found: "${VIRUS}"', - detection_category = "hash", - default_score = 1, - action = false, - client = '0.0.0.0', - symbol_fail = 'DCC_FAIL', - symbol = 'DCC_REJECT', - symbol_bulk = 'DCC_BULK', - body_max = 999999, - fuz1_max = 999999, - fuz2_max = 999999, - } - - dcc_conf = lua_util.override_defaults(dcc_conf, opts) - - if not dcc_conf.prefix then - dcc_conf.prefix = 'rs_' .. dcc_conf.name .. '_' - end - - if not dcc_conf.log_prefix then - dcc_conf.log_prefix = dcc_conf.name - end - - if not dcc_conf.servers and dcc_conf.socket then - dcc_conf.servers = dcc_conf.socket - end - - if not dcc_conf.servers then - rspamd_logger.errx(rspamd_config, 'no servers defined') - - return nil - end - - dcc_conf.upstreams = upstream_list.create(rspamd_config, - dcc_conf.servers, - dcc_conf.default_port) - - if dcc_conf.upstreams then - lua_util.add_debug_alias('external_services', dcc_conf.name) - return dcc_conf - end - - rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', - dcc_conf['servers']) - return nil -end - return { type = {'dcc','bulk', 'hash', 'scanner'}, description = 'dcc bulk scanner', diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua index d00954f41..eec5d0b23 100644 --- a/lualib/lua_scanners/icap.lua +++ b/lualib/lua_scanners/icap.lua 
@@ -29,6 +29,64 @@ local common = require "lua_scanners/common" local N = 'icap' +local function icap_config(opts) + + local icap_conf = { + name = N, + scan_mime_parts = true, + scan_all_mime_parts = true, + scan_text_mime = false, + scan_image_mime = false, + scheme = "scan", + default_port = 4020, + timeout = 10.0, + log_clean = false, + retransmits = 2, + cache_expire = 7200, -- expire redis in one hour + message = '${SCANNER}: threat found with icap scanner: "${VIRUS}"', + detection_category = "virus", + default_score = 1, + action = false, + } + + icap_conf = lua_util.override_defaults(icap_conf, opts) + + if not icap_conf.prefix then + icap_conf.prefix = 'rs_' .. icap_conf.name .. '_' + end + + if not icap_conf.log_prefix then + icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')' + end + + if not icap_conf.log_prefix then + if icap_conf.name:lower() == icap_conf.type:lower() then + icap_conf.log_prefix = icap_conf.name + else + icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')' + end + end + + if not icap_conf.servers then + rspamd_logger.errx(rspamd_config, 'no servers defined') + + return nil + end + + icap_conf.upstreams = upstream_list.create(rspamd_config, + icap_conf.servers, + icap_conf.default_port) + + if icap_conf.upstreams then + lua_util.add_debug_alias('external_services', icap_conf.name) + return icap_conf + end + + rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', + icap_conf.servers) + return nil +end + local function icap_check(task, content, digest, rule) local function icap_check_uncached () local upstream = rule.upstreams:get_upstream_round_robin() 
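Review bot: The second `if not icap_conf.log_prefix then` block in `icap_config` can never run, because the block directly above it already assigns `log_prefix` whenever it is missing. Since the function is being moved anyway, I would drop the first, unconditional assignment so the name/type comparison used by the other scanners takes effect. Both forms read `icap_conf.type`, which is not in the defaults table, so a missing `type` in `opts` would raise here; the caller presumably guarantees it. The comment on `cache_expire` is also wrong, as 7200 seconds is two hours: `cache_expire = 7200, -- expire redis in 2h`.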
@@ -270,65 +328,6 @@ local function icap_check(task, content, digest, rule) end end - -local function icap_config(opts) - - local icap_conf = { - name = N, - scan_mime_parts = true, - scan_all_mime_parts = true, - scan_text_mime = false, - scan_image_mime = false, - scheme = "scan", - default_port = 4020, - timeout = 10.0, - log_clean = false, - retransmits = 2, - cache_expire = 7200, -- expire redis in one hour - message = '${SCANNER}: threat found with icap scanner: "${VIRUS}"', - detection_category = "virus", - default_score = 1, - action = false, - } - - icap_conf = lua_util.override_defaults(icap_conf, opts) - - if not icap_conf.prefix then - icap_conf.prefix = 'rs_' .. icap_conf.name .. '_' - end - - if not icap_conf.log_prefix then - icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')' - end - - if not icap_conf.log_prefix then - if icap_conf.name:lower() == icap_conf.type:lower() then - icap_conf.log_prefix = icap_conf.name - else - icap_conf.log_prefix = icap_conf.name .. ' (' .. icap_conf.type .. ')' - end - end - - if not icap_conf.servers then - rspamd_logger.errx(rspamd_config, 'no servers defined') - - return nil - end - - icap_conf.upstreams = upstream_list.create(rspamd_config, - icap_conf.servers, - icap_conf.default_port) - - if icap_conf.upstreams then - lua_util.add_debug_alias('external_services', icap_conf.name) - return icap_conf - end - - rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', - icap_conf.servers) - return nil -end - return { type = {N, 'virus', 'virus', 'scanner'}, description = 'generic icap antivirus', diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua index a7d6170d5..3daa76713 100644 --- a/lualib/lua_scanners/oletools.lua +++ b/lualib/lua_scanners/oletools.lua 
@@ -30,6 +30,62 @@ local common = require "lua_scanners/common" local N = 'oletools' +local function oletools_config(opts) + + local oletools_conf = { + name = N, + scan_mime_parts = true, + scan_text_mime = false, + scan_image_mime = false, + default_port = 10050, + timeout = 15.0, + log_clean = false, + retransmits = 2, + cache_expire = 86400, -- expire redis in 1d + symbol = "OLETOOLS", + message = '${SCANNER}: Oletools threat message found: "${VIRUS}"', + detection_category = "office macro", + default_score = 1, + action = false, + extended = false, + symbol_type = 'postfilter', + dynamic_scan = true, + } + + oletools_conf = lua_util.override_defaults(oletools_conf, opts) + + if not oletools_conf.prefix then + oletools_conf.prefix = 'rs_' .. oletools_conf.name .. '_' + end + + if not oletools_conf.log_prefix then + if oletools_conf.name:lower() == oletools_conf.type:lower() then + oletools_conf.log_prefix = oletools_conf.name + else + oletools_conf.log_prefix = oletools_conf.name .. ' (' .. oletools_conf.type .. ')' + end + end + + if not oletools_conf.servers then + rspamd_logger.errx(rspamd_config, 'no servers defined') + + return nil + end + + oletools_conf.upstreams = upstream_list.create(rspamd_config, + oletools_conf.servers, + oletools_conf.default_port) + + if oletools_conf.upstreams then + lua_util.add_debug_alias('external_services', oletools_conf.name) + return oletools_conf + end + + rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', + oletools_conf.servers) + return nil +end + local function oletools_check(task, content, digest, rule) local function oletools_check_uncached () local upstream = rule.upstreams:get_upstream_round_robin() 
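Review bot: `oletools_config` has no header comment, and now that it sits at the top of the file it is the first thing a reader meets. I would add `--- Build the oletools rule from user options; returns the rule table, or nil when no servers are set or they cannot be parsed.` followed by `-- opts.type and opts.servers must be set; type is read without a nil check when log_prefix is absent.` The defaults table does not provide `type`, so `oletools_conf.type:lower()` depends entirely on what the caller passes in.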
@@ -262,62 +318,6 @@ local function oletools_check(task, content, digest, rule) end end -local function oletools_config(opts) - - local oletools_conf = { - name = N, - scan_mime_parts = true, - scan_text_mime = false, - scan_image_mime = false, - default_port = 10050, - timeout = 15.0, - log_clean = false, - retransmits = 2, - cache_expire = 86400, -- expire redis in 1d - symbol = "OLETOOLS", - message = '${SCANNER}: Oletools threat message found: "${VIRUS}"', - detection_category = "office macro", - default_score = 1, - action = false, - extended = false, - symbol_type = 'postfilter', - dynamic_scan = true, - } - - oletools_conf = lua_util.override_defaults(oletools_conf, opts) - - if not oletools_conf.prefix then - oletools_conf.prefix = 'rs_' .. oletools_conf.name .. '_' - end - - if not oletools_conf.log_prefix then - if oletools_conf.name:lower() == oletools_conf.type:lower() then - oletools_conf.log_prefix = oletools_conf.name - else - oletools_conf.log_prefix = oletools_conf.name .. ' (' .. oletools_conf.type .. ')' - end - end - - if not oletools_conf.servers then - rspamd_logger.errx(rspamd_config, 'no servers defined') - - return nil - end - - oletools_conf.upstreams = upstream_list.create(rspamd_config, - oletools_conf.servers, - oletools_conf.default_port) - - if oletools_conf.upstreams then - lua_util.add_debug_alias('external_services', oletools_conf.name) - return oletools_conf - end - - rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', - oletools_conf.servers) - return nil -end - return { type = {N, 'attachment scanner', 'hash', 'scanner'}, description = 'oletools office macro scanner', diff --git a/lualib/lua_scanners/spamassassin.lua b/lualib/lua_scanners/spamassassin.lua index 2227de235..860df42dd 100644 --- a/lualib/lua_scanners/spamassassin.lua +++ b/lualib/lua_scanners/spamassassin.lua 
@@ -28,6 +28,62 @@ local common = require "lua_scanners/common" local N = 'spamassassin' +local function spamassassin_config(opts) + + local spamassassin_conf = { + N = N, + scan_mime_parts = false, + scan_text_mime = false, + scan_image_mime = false, + default_port = 783, + timeout = 15.0, + log_clean = false, + retransmits = 2, + cache_expire = 3600, -- expire redis in one hour + symbol = "SPAMD", + message = '${SCANNER}: Spamassassin bulk message found: "${VIRUS}"', + detection_category = "spam", + default_score = 1, + action = false, + extended = false, + symbol_type = 'postfilter', + dynamic_scan = true, + } + + spamassassin_conf = lua_util.override_defaults(spamassassin_conf, opts) + + if not spamassassin_conf.prefix then + spamassassin_conf.prefix = 'rs_' .. spamassassin_conf.name .. '_' + end + + if not spamassassin_conf.log_prefix then + if spamassassin_conf.name:lower() == spamassassin_conf.type:lower() then + spamassassin_conf.log_prefix = spamassassin_conf.name + else + spamassassin_conf.log_prefix = spamassassin_conf.name .. ' (' .. spamassassin_conf.type .. ')' + end + end + + if not spamassassin_conf.servers then + rspamd_logger.errx(rspamd_config, 'no servers defined') + + return nil + end + + spamassassin_conf.upstreams = upstream_list.create(rspamd_config, + spamassassin_conf.servers, + spamassassin_conf.default_port) + + if spamassassin_conf.upstreams then + lua_util.add_debug_alias('external_services', spamassassin_conf.N) + return spamassassin_conf + end + + rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', + spamassassin_conf.servers) + return nil +end + local function spamassassin_check(task, content, digest, rule) local function spamassassin_check_uncached () local upstream = rule.upstreams:get_upstream_round_robin() 
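Review bot: The defaults table in `spamassassin_config` sets `N = N` where the other four scanners set `name = N`, so `spamassassin_conf.name` is nil unless `opts` happens to supply it. In that case `'rs_' .. spamassassin_conf.name .. '_'` raises on concatenating nil, and `spamassassin_conf.name:lower()` would fail the same way, so the scanner would not be set up. I would change the default to `name = N,` and the alias call to `lua_util.add_debug_alias('external_services', spamassassin_conf.name)`. The removed copy has the same lines, so this is a pre-existing defect carried over by the move rather than introduced by it.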
@@ -162,62 +218,6 @@ local function spamassassin_check(task, content, digest, rule) end end -local function spamassassin_config(opts) - - local spamassassin_conf = { - N = N, - scan_mime_parts = false, - scan_text_mime = false, - scan_image_mime = false, - default_port = 783, - timeout = 15.0, - log_clean = false, - retransmits = 2, - cache_expire = 3600, -- expire redis in one hour - symbol = "SPAMD", - message = '${SCANNER}: Spamassassin bulk message found: "${VIRUS}"', - detection_category = "spam", - default_score = 1, - action = false, - extended = false, - symbol_type = 'postfilter', - dynamic_scan = true, - } - - spamassassin_conf = lua_util.override_defaults(spamassassin_conf, opts) - - if not spamassassin_conf.prefix then - spamassassin_conf.prefix = 'rs_' .. spamassassin_conf.name .. '_' - end - - if not spamassassin_conf.log_prefix then - if spamassassin_conf.name:lower() == spamassassin_conf.type:lower() then - spamassassin_conf.log_prefix = spamassassin_conf.name - else - spamassassin_conf.log_prefix = spamassassin_conf.name .. ' (' .. spamassassin_conf.type .. ')' - end - end - - if not spamassassin_conf.servers then - rspamd_logger.errx(rspamd_config, 'no servers defined') - - return nil - end - - spamassassin_conf.upstreams = upstream_list.create(rspamd_config, - spamassassin_conf.servers, - spamassassin_conf.default_port) - - if spamassassin_conf.upstreams then - lua_util.add_debug_alias('external_services', spamassassin_conf.N) - return spamassassin_conf - end - - rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', - spamassassin_conf.servers) - return nil -end - return { type = {N,'spam', 'scanner'}, description = 'spamassassin spam scanner', diff --git a/lualib/lua_scanners/vadesecure.lua b/lualib/lua_scanners/vadesecure.lua index 5c986970e..196d55ba4 100644 --- a/lualib/lua_scanners/vadesecure.lua +++ b/lualib/lua_scanners/vadesecure.lua 
@@ -28,6 +28,129 @@ local common = require "lua_scanners/common" local N = 'vadesecure' +local function vade_config(opts) + + local vade_conf = { + name = N, + default_port = 23808, + url = '/api/v1/scan', + use_https = false, + timeout = 5.0, + log_clean = false, + retransmits = 1, + cache_expire = 7200, -- expire redis in 2h + message = '${SCANNER}: spam message found: "${VIRUS}"', + detection_category = "hash", + default_score = 1, + action = false, + log_spamcause = true, + symbol_fail = 'VADE_FAIL', + symbol = 'VADE_CHECK', + symbols = { + clean = { + symbol = 'VADE_CLEAN', + score = -0.5, + description = 'VadeSecure decided message to be clean' + }, + spam = { + high = { + symbol = 'VADE_SPAM_HIGH', + score = 8.0, + description = 'VadeSecure decided message to be clearly spam' + }, + medium = { + symbol = 'VADE_SPAM_MEDIUM', + score = 5.0, + description = 'VadeSecure decided message to be highly likely spam' + }, + low = { + symbol = 'VADE_SPAM_LOW', + score = 2.0, + description = 'VadeSecure decided message to be likely spam' + }, + }, + malware = { + symbol = 'VADE_MALWARE', + score = 8.0, + description = 'VadeSecure decided message to be malware' + }, + scam = { + symbol = 'VADE_SCAM', + score = 7.0, + description = 'VadeSecure decided message to be scam' + }, + phishing = { + symbol = 'VADE_PHISHING', + score = 8.0, + description = 'VadeSecure decided message to be phishing' + }, + commercial = { + symbol = 'VADE_COMMERCIAL', + score = 0.0, + description = 'VadeSecure decided message to be commercial message' + }, + community = { + symbol = 'VADE_COMMUNITY', + score = 0.0, + description = 'VadeSecure decided message to be community message' + }, + transactional = { + symbol = 'VADE_TRANSACTIONAL', + score = 0.0, + description = 'VadeSecure decided message to be transactional message' + }, + suspect = { + symbol = 'VADE_SUSPECT', + score = 3.0, + description = 'VadeSecure decided message to be suspicious message' + }, + bounce = { + symbol = 'VADE_BOUNCE', 
+ score = 0.0, + description = 'VadeSecure decided message to be bounce message' + }, + other = 'VADE_OTHER', + } + } + + vade_conf = lua_util.override_defaults(vade_conf, opts) + + if not vade_conf.prefix then + vade_conf.prefix = 'rs_' .. vade_conf.name .. '_' + end + + if not vade_conf.log_prefix then + if vade_conf.name:lower() == vade_conf.type:lower() then + vade_conf.log_prefix = vade_conf.name + else + vade_conf.log_prefix = vade_conf.name .. ' (' .. vade_conf.type .. ')' + end + end + + if not vade_conf.servers and vade_conf.socket then + vade_conf.servers = vade_conf.socket + end + + if not vade_conf.servers then + rspamd_logger.errx(rspamd_config, 'no servers defined') + + return nil + end + + vade_conf.upstreams = upstream_list.create(rspamd_config, + vade_conf.servers, + vade_conf.default_port) + + if vade_conf.upstreams then + lua_util.add_debug_alias('external_services', vade_conf.name) + return vade_conf + end + + rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', + vade_conf['servers']) + return nil +end + local function vade_check(task, content, digest, rule) local function vade_url(addr) local url 
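Review bot: `use_https = false` is the default in `vade_conf`, so unless the operator overrides it the scanner presumably submits message content to Filterd over plain HTTP on port 23808. How the flag is consumed is in `vade_check`, which lies mostly outside this hunk. That is reasonable for a loopback daemon but exposes mail content and verdicts on the wire if `servers` points at a remote host. I would state the assumption on the default itself: `use_https = false, -- plain HTTP; enable when servers is not on localhost`.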
@@ -194,130 +317,6 @@ local function vade_check(task, content, digest, rule) http.request(request_data) end - -local function vade_config(opts) - - local vade_conf = { - name = N, - default_port = 23808, - url = '/api/v1/scan', - use_https = false, - timeout = 5.0, - log_clean = false, - retransmits = 1, - cache_expire = 7200, -- expire redis in 2h - message = '${SCANNER}: spam message found: "${VIRUS}"', - detection_category = "hash", - default_score = 1, - action = false, - log_spamcause = true, - symbol_fail = 'VADE_FAIL', - symbol = 'VADE_CHECK', - symbols = { - clean = { - symbol = 'VADE_CLEAN', - score = -0.5, - description = 'VadeSecure decided message to be clean' - }, - spam = { - high = { - symbol = 'VADE_SPAM_HIGH', - score = 8.0, - description = 'VadeSecure decided message to be clearly spam' - }, - medium = { - symbol = 'VADE_SPAM_MEDIUM', - score = 5.0, - description = 'VadeSecure decided message to be highly likely spam' - }, - low = { - symbol = 'VADE_SPAM_LOW', - score = 2.0, - description = 'VadeSecure decided message to be likely spam' - }, - }, - malware = { - symbol = 'VADE_MALWARE', - score = 8.0, - description = 'VadeSecure decided message to be malware' - }, - scam = { - symbol = 'VADE_SCAM', - score = 7.0, - description = 'VadeSecure decided message to be scam' - }, - phishing = { - symbol = 'VADE_PHISHING', - score = 8.0, - description = 'VadeSecure decided message to be phishing' - }, - commercial = { - symbol = 'VADE_COMMERCIAL', - score = 0.0, - description = 'VadeSecure decided message to be commercial message' - }, - community = { - symbol = 'VADE_COMMUNITY', - score = 0.0, - description = 'VadeSecure decided message to be community message' - }, - transactional = { - symbol = 'VADE_TRANSACTIONAL', - score = 0.0, - description = 'VadeSecure decided message to be transactional message' - }, - suspect = { - symbol = 'VADE_SUSPECT', - score = 3.0, - description = 'VadeSecure decided message to be suspicious message' - }, - bounce = { - 
symbol = 'VADE_BOUNCE', - score = 0.0, - description = 'VadeSecure decided message to be bounce message' - }, - other = 'VADE_OTHER', - } - } - - vade_conf = lua_util.override_defaults(vade_conf, opts) - - if not vade_conf.prefix then - vade_conf.prefix = 'rs_' .. vade_conf.name .. '_' - end - - if not vade_conf.log_prefix then - if vade_conf.name:lower() == vade_conf.type:lower() then - vade_conf.log_prefix = vade_conf.name - else - vade_conf.log_prefix = vade_conf.name .. ' (' .. vade_conf.type .. ')' - end - end - - if not vade_conf.servers and vade_conf.socket then - vade_conf.servers = vade_conf.socket - end - - if not vade_conf.servers then - rspamd_logger.errx(rspamd_config, 'no servers defined') - - return nil - end - - vade_conf.upstreams = upstream_list.create(rspamd_config, - vade_conf.servers, - vade_conf.default_port) - - if vade_conf.upstreams then - lua_util.add_debug_alias('external_services', vade_conf.name) - return vade_conf - end - - rspamd_logger.errx(rspamd_config, 'cannot parse servers %s', - vade_conf['servers']) - return nil -end - return { type = {'vadesecure', 'scanner'}, description = 'VadeSecure Filterd interface', |