From e45b99bdb699922e4558b2ff28ea5f85a8968d93 Mon Sep 17 00:00:00 2001 From: Carsten Rosenberg Date: Tue, 8 Oct 2019 21:00:31 +0200 Subject: [Minor] lua_scanners - adopt excrypted / macro support --- lualib/lua_scanners/oletools.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lualib/lua_scanners/oletools.lua') diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua index 4bdf7747d..8474a1847 100644 --- a/lualib/lua_scanners/oletools.lua +++ b/lualib/lua_scanners/oletools.lua @@ -184,6 +184,11 @@ local function oletools_check(task, content, digest, rule) end elseif result[3]['return_code'] == 9 then rspamd_logger.warnx(task, '%s: File is encrypted.', rule.log_prefix) + common.yield_result(task, rule, 'failed - err: ' .. oletools_rc[result[3]['return_code']], 0.0, 'encrypted') + common.save_cache(task, digest, rule, 'encrypted') + elseif result[3]['return_code'] == 5 then + rspamd_logger.warnx(task, '%s: olefy could not open the file - error: %s', rule.log_prefix, + result[2]['message']) common.yield_result(task, rule, 'failed - err: ' .. oletools_rc[result[3]['return_code']], 0.0, 'fail') elseif result[3]['return_code'] > 6 then rspamd_logger.errx(task, '%s: Error Returned: %s', @@ -196,7 +201,7 @@ local function oletools_check(task, content, digest, rule) rule.log_prefix, result[2]['message']) oletools_requery(oletools_rc[result[3]['return_code']]) elseif type(result[2]['analysis']) == 'table' and #result[2]['analysis'] == 0 - and #result[2]['macros'] == 0 then + and #result[2]['macros'] == 0 then rspamd_logger.warnx(task, '%s: maybe unhandled python or oletools error', rule.log_prefix) common.yield_result(task, rule, 'oletools unhandled error', 0.0, 'fail') elseif type(result[2]['analysis']) ~= 'table' and #result[2]['macros'] == 0 then -- cgit v1.2.3