Adding upstream version 3.8.1.upstream/3.8.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 21:30:40 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 21:30:40 +0000
commit: 133a45c109da5310add55824db21af5239951f93 (patch)
tree: ba6ac4c0a950a0dda56451944315d66409923918 /lualib/lua_scanners/sophos.lua
parent: Initial commit. (diff)
download: rspamd-upstream.tar.xz
rspamd-upstream.zip
1 files changed, 192 insertions, 0 deletions
diff --git a/lualib/lua_scanners/sophos.lua b/lualib/lua_scanners/sophos.lua
new file mode 100644
index 0000000..d9b64f1
--- /dev/null
+++ b/lualib/lua_scanners/sophos.lua
@@ -0,0 +1,192 @@
+--[[
+Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+]]--
+
+--[[[
+-- @module savapi
+-- This module contains avira savapi antivirus access functions
+--]]
+
+local lua_util = require "lua_util"
+local tcp = require "rspamd_tcp"
+local upstream_list = require "rspamd_upstream_list"
+local rspamd_logger = require "rspamd_logger"
+local common = require "lua_scanners/common"
+
+local N = "sophos"
+
+local default_message = '${SCANNER}: virus found: "${VIRUS}"'
+
+local function sophos_config(opts)
+  local sophos_conf = {
+    name = N,
+    scan_mime_parts = true,
+    scan_text_mime = false,
+    scan_image_mime = false,
+    default_port = 4010,
+    timeout = 15.0,
+    log_clean = false,
+    retransmits = 2,
+    cache_expire = 3600, -- expire redis in one hour
+    message = default_message,
+    detection_category = "virus",
+  }
+
+  sophos_conf = lua_util.override_defaults(sophos_conf, opts)
+
+  if not sophos_conf.prefix then
+    sophos_conf.prefix = 'rs_' .. sophos_conf.name .. '_'
+  end
+
+  if not sophos_conf.log_prefix then
+    if sophos_conf.name:lower() == sophos_conf.type:lower() then
+      sophos_conf.log_prefix = sophos_conf.name
+    else
+      sophos_conf.log_prefix = sophos_conf.name .. ' (' .. sophos_conf.type .. ')'
+    end
+  end
+
+  if not sophos_conf['servers'] then
+    rspamd_logger.errx(rspamd_config, 'no servers defined')
+
+    return nil
+  end
+
+  sophos_conf['upstreams'] = upstream_list.create(rspamd_config,
+      sophos_conf['servers'],
+      sophos_conf.default_port)
+
+  if sophos_conf['upstreams'] then
+    lua_util.add_debug_alias('antivirus', sophos_conf.name)
+    return sophos_conf
+  end
+
+  rspamd_logger.errx(rspamd_config, 'cannot parse servers %s',
+      sophos_conf['servers'])
+  return nil
+end
+
+local function sophos_check(task, content, digest, rule, maybe_part)
+  local function sophos_check_uncached ()
+    local upstream = rule.upstreams:get_upstream_round_robin()
+    local addr = upstream:get_addr()
+    local retransmits = rule.retransmits
+    local protocol = 'SSSP/1.0\n'
+    local streamsize = string.format('SCANDATA %d\n', #content)
+    local bye = 'BYE\n'
+
+    local function sophos_callback(err, data, conn)
+
+      if err then
+        -- retry with another upstream until retransmits exceeds
+        if retransmits > 0 then
+
+          retransmits = retransmits - 1
+
+          -- Select a different upstream!
+          upstream = rule.upstreams:get_upstream_round_robin()
+          addr = upstream:get_addr()
+
+          lua_util.debugm(rule.name, task, '%s: error: %s; retry IP: %s; retries left: %s',
+              rule.log_prefix, err, addr, retransmits)
+
+          tcp.request({
+            task = task,
+            host = addr:to_string(),
+            port = addr:get_port(),
+            upstream = upstream,
+            timeout = rule['timeout'],
+            callback = sophos_callback,
+            data = { protocol, streamsize, content, bye }
+          })
+        else
+          rspamd_logger.errx(task, '%s [%s]: failed to scan, maximum retransmits exceed', rule['symbol'], rule['type'])
+          common.yield_result(task, rule, 'failed to scan and retransmits exceed',
+              0.0, 'fail', maybe_part)
+        end
+      else
+        data = tostring(data)
+        lua_util.debugm(rule.name, task,
+            '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
+        local vname = string.match(data, 'VIRUS (%S+) ')
+        local cached
+        if vname then
+          common.yield_result(task, rule, vname, 1.0, nil, maybe_part)
+          common.save_cache(task, digest, rule, vname, 1.0, maybe_part)
+        else
+          if string.find(data, 'DONE OK') then
+            if rule['log_clean'] then
+              rspamd_logger.infox(task, '%s: message or mime_part is clean', rule.log_prefix)
+            else
+              lua_util.debugm(rule.name, task,
+                  '%s: message or mime_part is clean', rule.log_prefix)
+            end
+            cached = 'OK'
+            -- not finished - continue
+          elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then
+            conn:add_read(sophos_callback)
+          elseif string.find(data, 'FAIL 0212') then
+            rspamd_logger.warnx(task, 'Message is encrypted (FAIL 0212): %s', data)
+            common.yield_result(task, rule, 'SAVDI: Message is encrypted (FAIL 0212)',
+                0.0, 'encrypted', maybe_part)
+            cached = 'ENCRYPTED'
+          elseif string.find(data, 'REJ 4') then
+            rspamd_logger.warnx(task, 'Message is oversized (REJ 4): %s', data)
+            common.yield_result(task, rule, 'SAVDI: Message oversized (REJ 4)',
+                0.0, 'fail', maybe_part)
+            -- explicitly set REJ1 message when SAVDIreports a protocol error
+          elseif string.find(data, 'REJ 1') then
+            rspamd_logger.errx(task, 'SAVDI (Protocol error (REJ 1)): %s', data)
+            common.yield_result(task, rule, 'SAVDI: Protocol error (REJ 1)',
+                0.0, 'fail', maybe_part)
+          else
+            rspamd_logger.errx(task, 'unhandled response: %s', data)
+            common.yield_result(task, rule, 'unhandled response: ' .. data,
+                0.0, 'fail', maybe_part)
+          end
+          if cached then
+            common.save_cache(task, digest, rule, cached, 1.0, maybe_part)
+          end
+        end
+      end
+    end
+
+    tcp.request({
+      task = task,
+      host = addr:to_string(),
+      port = addr:get_port(),
+      upstream = upstream,
+      timeout = rule['timeout'],
+      callback = sophos_callback,
+      data = { protocol, streamsize, content, bye }
+    })
+  end
+
+  if common.condition_check_and_continue(task, content, rule, digest,
+      sophos_check_uncached, maybe_part) then
+    return
+  else
+    sophos_check_uncached()
+  end
+
+end
+
+return {
+  type = 'antivirus',
+  description = 'sophos antivirus',
+  configure = sophos_config,
+  check = sophos_check,
+  name = N
+}
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-10 21:30:40 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-10 21:30:40 +0000
commit	133a45c109da5310add55824db21af5239951f93 (patch)
tree	ba6ac4c0a950a0dda56451944315d66409923918 /lualib/lua_scanners/sophos.lua
parent	Initial commit. (diff)
download	rspamd-upstream.tar.xz rspamd-upstream.zip