commit 193fc0d: [Minor] lua_scanners - icap - Kaspersky support (empty header, multiple viruses)
Carsten Rosenberg
c.rosenberg at heinlein-support.de
Mon Jan 28 12:35:03 UTC 2019
Author: Carsten Rosenberg
Date: 2019-01-26 10:27:31 +0100
URL: https://github.com/rspamd/rspamd/commit/193fc0d39126ed23c6fb622c8301aa1f7847ad5f
[Minor] lua_scanners - icap - Kaspersky support (empty header, multiple viruses)
---
lualib/lua_scanners/icap.lua | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua
index 300243337..801db72f6 100644
--- a/lualib/lua_scanners/icap.lua
+++ b/lualib/lua_scanners/icap.lua
@@ -44,8 +44,6 @@ local function icap_check(task, content, digest, rule)
"Encapsulated: null-body=0\r\n\r\n",
}
local size = string.format("%x", tonumber(#content))
- lua_util.debugm(rule.name, task, '%s: size: %s',
- rule.log_prefix, size)
local function get_respond_query()
table.insert(respond_headers, 1,
@@ -69,8 +67,8 @@ local function icap_check(task, content, digest, rule)
if string.find(s, '^ICAP') then
icap_headers['icap'] = s
end
- if string.find(s, '[%a%d-+]-: ') then
- local _,_,key,value = tostring(s):find("([%a%d-+]-):%s(.+)")
+ if string.find(s, '[%a%d-+]-:') then
+ local _,_,key,value = tostring(s):find("([%a%d-+]-):%s?(.+)")
icap_headers[key] = value
end
end
@@ -94,6 +92,14 @@ local function icap_check(task, content, digest, rule)
X-Infection-Found: Type=2; Resolution=2; Threat=Encrypted container violation;
Sophos Strings:
X-Virus-ID: Troj/DocDl-OYC
+ Kaspersky Strings:
+ X-Virus-ID: HEUR:Backdoor.Java.QRat.gen
+ X-Response-Info: blocked
+
+ X-Virus-ID: no threats
+ X-Response-Info: blocked
+
+ X-Response-Info: passed
]] --
if icap_headers['X-Infection-Found'] ~= nil then
@@ -111,10 +117,19 @@ local function icap_check(task, content, digest, rule)
table.insert(threat_string, icap_threat)
end
- elseif icap_headers['X-Virus-ID'] ~= nil then
+ elseif icap_headers['X-Virus-ID'] ~= nil and icap_headers['X-Virus-ID'] ~= "no threats" then
lua_util.debugm(rule.name, task,
'%s: icap X-Virus-ID: %s', rule.log_prefix, icap_headers['X-Virus-ID'])
- table.insert(threat_string, icap_headers['X-Virus-ID'])
+
+ if string.find(icap_headers['X-Virus-ID'], ', ') then
+ local vnames = rspamd_str_split(string.gsub(icap_headers['X-Virus-ID'], "%s", ""), ',') or {}
+
+ for _,v in ipairs(vnames) do
+ table.insert(threat_string, v)
+ end
+ else
+ table.insert(threat_string, icap_headers['X-Virus-ID'])
+ end
end
if #threat_string > 0 then
More information about the Commits
mailing list