Diffstat (limited to 'src/plugins/lua/antivirus.lua')
-rw-r--r-- | src/plugins/lua/antivirus.lua | 102 |
1 files changed, 55 insertions, 47 deletions
diff --git a/src/plugins/lua/antivirus.lua b/src/plugins/lua/antivirus.lua
index 1623d33e8..26b8509b8 100644
--- a/src/plugins/lua/antivirus.lua
+++ b/src/plugins/lua/antivirus.lua
@@ -27,49 +27,49 @@ local N = "antivirus" if confighelp then rspamd_config:add_example(nil, 'antivirus', - "Check messages for viruses", - [[ -antivirus { - # multiple scanners could be checked, for each we create a configuration block with an arbitrary name - clamav { - # If set force this action if any virus is found (default unset: no action is forced) - # action = "reject"; - # If set, then rejection message is set to this value (mention single quotes) - # message = '${SCANNER}: virus found: "${VIRUS}"'; - # Scan mime_parts separately - otherwise the complete mail will be transferred to AV Scanner - #scan_mime_parts = true; - # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity) - #scan_text_mime = false; - #scan_image_mime = false; - # If `max_size` is set, messages > n bytes in size are not scanned - max_size = 20000000; - # symbol to add (add it to metric if you want non-zero weight) - symbol = "CLAM_VIRUS"; - # type of scanner: "clamav", "fprot", "sophos" or "savapi" - type = "clamav"; - # For "savapi" you must also specify the following variable - product_id = 12345; - # You can enable logging for clean messages - log_clean = true; - # servers to query (if port is unspecified, scanner-specific default is used) - # can be specified multiple times to pool servers - # can be set to a path to a unix socket - # Enable this in local.d/antivirus.conf - servers = "127.0.0.1:3310"; - # if `patterns` is specified virus name will be matched against provided regexes and the related - # symbol will be yielded if a match is found. If no match is found, default symbol is yielded. 
- patterns { - # symbol_name = "pattern"; - JUST_EICAR = "^Eicar-Test-Signature$"; + "Check messages for viruses", + [[ + antivirus { + # multiple scanners could be checked, for each we create a configuration block with an arbitrary name + clamav { + # If set force this action if any virus is found (default unset: no action is forced) + # action = "reject"; + # If set, then rejection message is set to this value (mention single quotes) + # message = '${SCANNER}: virus found: "${VIRUS}"'; + # Scan mime_parts separately - otherwise the complete mail will be transferred to AV Scanner + #scan_mime_parts = true; + # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity) + #scan_text_mime = false; + #scan_image_mime = false; + # If `max_size` is set, messages > n bytes in size are not scanned + max_size = 20000000; + # symbol to add (add it to metric if you want non-zero weight) + symbol = "CLAM_VIRUS"; + # type of scanner: "clamav", "fprot", "sophos" or "savapi" + type = "clamav"; + # For "savapi" you must also specify the following variable + product_id = 12345; + # You can enable logging for clean messages + log_clean = true; + # servers to query (if port is unspecified, scanner-specific default is used) + # can be specified multiple times to pool servers + # can be set to a path to a unix socket + # Enable this in local.d/antivirus.conf + servers = "127.0.0.1:3310"; + # if `patterns` is specified virus name will be matched against provided regexes and the related + # symbol will be yielded if a match is found. If no match is found, default symbol is yielded. + patterns { + # symbol_name = "pattern"; + JUST_EICAR = "^Eicar-Test-Signature$"; + } + # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned. 
+ whitelist = "/etc/rspamd/antivirus.wl"; + # Replace content that exactly matches the following string to the EICAR pattern + # Useful for E2E testing when another party removes/blocks EICAR attachments + #eicar_fake_pattern = 'testpatterneicar'; } - # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned. - whitelist = "/etc/rspamd/antivirus.wl"; - # Replace content that exactly matches the following string to the EICAR pattern - # Useful for E2E testing when another party removes/blocks EICAR attachments - #eicar_fake_pattern = 'testpatterneicar'; } -} -]]) + ]]) return end @@ -84,7 +84,9 @@ local function add_antivirus_rule(sym, opts) return nil end - if not opts.symbol then opts.symbol = sym:upper() end + if not opts.symbol then + opts.symbol = sym:upper() + end local cfg = lua_antivirus[opts.type] if not cfg then @@ -106,13 +108,15 @@ local function add_antivirus_rule(sym, opts) -- WORKAROUND for deprecated attachments_only if opts.attachments_only ~= nil then opts.scan_mime_parts = opts.attachments_only - rspamd_logger.warnx(rspamd_config, '%s [%s]: Using attachments_only is deprecated. '.. + rspamd_logger.warnx(rspamd_config, '%s [%s]: Using attachments_only is deprecated. ' .. 'Please use scan_mime_parts = %s instead', opts.symbol, opts.type, opts.attachments_only) end -- WORKAROUND for deprecated attachments_only local rule = cfg.configure(opts) - if not rule then return nil end + if not rule then + return nil + end rule.type = opts.type rule.symbol_fail = opts.symbol_fail @@ -169,7 +173,7 @@ local function add_antivirus_rule(sym, opts) if clen == #opts.eicar_fake_pattern and content == opts.eicar_fake_pattern then rspamd_logger.infox(task, 'found eicar fake replacement part in the part (filename="%s")', - p:get_filename()) + p:get_filename()) content = eicar_pattern end end 
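Review bot: In the first hunk the re-indentation reaches inside the `[[ ... ]]` long string passed to `rspamd_config:add_example`, so it changes a runtime string and is not a formatting-only edit like the other hunks. The old side had `antivirus {` and the closing `}` at column 0 and the new side indents them, so the example printed by confighelp now appears to carry leading whitespace on every line and a whitespace-only last line before `]])`; the exact widths are not recoverable from this collapsed view. If the formatter change was not meant to alter the emitted example, keep the string body at column 0 or exclude long-bracket strings from the formatter. Since these comment lines are rewritten anyway, the `eicar_fake_pattern` entry could also say it is for test setups only, e.g. `# Test-only: leave unset in production, any part equal to this string is reported as EICAR`, which matches the replacement logic visible in the `@@ -169,7 +173,7 @@` hunk.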
@@ -190,8 +194,12 @@ if opts and type(opts) == 'table' then local has_valid = false for k, m in pairs(opts) do if type(m) == 'table' then - if not m.type then m.type = k end - if not m.name then m.name = k end + if not m.type then + m.type = k + end + if not m.name then + m.name = k + end local cb = add_antivirus_rule(k, m) if not cb then |