commit 955142d: [Minor] lua_scanners - oletools default config, detection
Carsten Rosenberg
c.rosenberg at heinlein-support.de
Sun Jan 20 20:00:04 UTC 2019
Author: Carsten Rosenberg
Date: 2019-01-20 13:40:47 +0100
URL: https://github.com/rspamd/rspamd/commit/955142d02b401491e2797f98e18d3a347cfd3763
[Minor] lua_scanners - oletools default config, detection
---
lualib/lua_scanners/oletools.lua | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index 7ecea5dbc..f0fdd82b4 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -167,9 +167,10 @@ local function oletools_check(task, content, digest, rule)
m_autoexec = 'A'
table.insert(analysis_keyword_table, a.keyword)
elseif a.type == 'Suspicious' then
- m_suspicious = 'S'
+ if rule.extended == true then m_suspicious = 'S' end
if a.keyword ~= 'Base64 Strings' and a.keyword ~= 'Hex Strings'
then
+ m_suspicious = 'S'
table.insert(analysis_keyword_table, a.keyword)
end
elseif a.type == 'IOCs' then
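Review bot: The `if rule.extended == true then m_suspicious = 'S' end` line and the second `m_suspicious = 'S'` inside the keyword filter encode a two-tier rule that nothing in the hunk explains: in extended mode any Suspicious finding marks the part, while in default mode the 'Base64 Strings' and 'Hex Strings' keywords alone do not. A reader tuning detection will need that stated, so add above the first new line something like `-- extended mode: any Suspicious keyword sets the flag; default mode: Base64/Hex Strings alone are not enough (presumably too common in benign documents)`. The strict `== true` comparison also means a truthy but non-boolean `extended` value (e.g. a string, if the config layer does not coerce it) silently falls back to default mode; `if rule.extended then` would be the usual Lua form if that is not intended, though I cannot see how `rule` is parsed from here. oletools_check starts before and continues past this hunk.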
@@ -251,11 +252,12 @@ local function oletools_config(opts)
scan_mime_parts = false,
scan_text_mime = false,
scan_image_mime = false,
- default_port = 5954,
+ default_port = 10050,
timeout = 15.0,
log_clean = false,
retransmits = 2,
cache_expire = 86400, -- expire redis in 1d
+ symbol = "OLETOOLS",
message = '${SCANNER}: Oletools threat message found: "${VIRUS}"',
detection_category = "office macro",
default_score = 1,
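Review bot: The `default_port = 10050` change has no comment saying which service that port belongs to, and since the previous default was 5954 an operator upgrading will not know whether their backend moved or the default was simply wrong; I would write it as `default_port = 10050, -- must match the listening port of the backend daemon this rule connects to (presumably olefy)` with the daemon name confirmed. The new `symbol = "OLETOOLS"` default is also worth a one-line note that a deployment defining several rules of this scanner should override it, since otherwise they would all register the same symbol — inferred from the default being a fixed string, not visible in this hunk. oletools_config starts before this hunk and its table continues past it.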