pool/rspamd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

missing files

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:mail/rspamd?expand=0&rev=26
This commit is contained in:
Marcus Rückert 2018-10-19 18:29:55 +00:00 committed by Git OBS Bridge
parent 50b0857a6a
commit 444e00eb41
3 changed files with 3 additions and 773 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

770
5093631ddd4d3389cddaaa95865dc4a23143a10f.patch
View File

@ -1,770 +0,0 @@
From 37e36c1cdc313152df847b4b8e83bb2188db8c7d Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Wed, 26 Sep 2018 11:20:27 +0200
Subject: [PATCH 1/7] [Minor] DCC Upstreams support
---
conf/modules.d/dcc.conf | 12 +++--
src/plugins/lua/dcc.lua | 112 +++++++++++++++++++++++++++++-----------
2 files changed, 91 insertions(+), 33 deletions(-)
diff --git a/conf/modules.d/dcc.conf b/conf/modules.d/dcc.conf
index ea774bdca..d7622374a 100644
--- a/conf/modules.d/dcc.conf
+++ b/conf/modules.d/dcc.conf
@@ -14,10 +14,14 @@
# See https://rspamd.com/doc/tutorials/writing_rules.html for details
dcc {
- # host = "/var/dcc/dccifd";
- # Port is only required if `dccifd` listens on a TCP socket
- # port = 1234
- timeout = 2s;
+
+ enabled = false;
+
+ # Define local socket or TCP servers in upstreams syntax
+ # When sockets and servers are definined - servers is used!
+ socket = "/var/dcc/dccifd"; # Unix socket
+ #servers = "127.0.0.1:10045" # OR TCP upstreams
+ timeout = 2s; # Timeout to wait for checks
.include(try=true,priority=5) "${DBDIR}/dynamic/dcc.conf"
.include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dcc.conf"
diff --git a/src/plugins/lua/dcc.lua b/src/plugins/lua/dcc.lua
index 131c83d36..aa3838bcb 100644
--- a/src/plugins/lua/dcc.lua
+++ b/src/plugins/lua/dcc.lua
@@ -20,8 +20,10 @@ limitations under the License.
local N = 'dcc'
local symbol_bulk = "DCC_BULK"
local opts = rspamd_config:get_all_opt(N)
-local logger = require "rspamd_logger"
+local rspamd_logger = require "rspamd_logger"
+local lua_util = require "lua_util"
local tcp = require "rspamd_tcp"
+local upstream_list = require "rspamd_upstream_list"
local fun = require "fun"
local lua_util = require "lua_util"
@@ -30,8 +32,8 @@ if confighelp then
"Check messages for 'bulkiness' using DCC",
[[
dcc {
- host = "/var/dcc/dccifd"; # Unix socket or hostname
- port = 1234 # Port to use (needed for TCP socket)
+ socket = "/var/dcc/dccifd"; # Unix socket
+ servers = "127.0.0.1:10045" # OR TCP upstreams
timeout = 2s; # Timeout to wait for checks
}
]])
@@ -42,6 +44,22 @@ local function check_dcc (task)
-- Connection
local client = '0.0.0.0'
local client_ip = task:get_from_ip()
+ local dcc_upstream = nil
+ local upstream = nil
+ local addr = nil
+ local port = nil
+ local retransmits = 2
+
+ if opts['servers'] then
+ dcc_upstream = upstream_list.create(rspamd_config, opts['servers'])
+ upstream = dcc_upstream:get_upstream_round_robin()
+ addr = upstream:get_addr()
+ port = addr:get_port()
+ else
+ lua_util.debugm(N, task, 'using socket %s', opts['socket'])
+ addr = opts['socket']
+ end
+
if client_ip and client_ip:is_valid() then
client = client_ip:to_string()
end
@@ -74,27 +92,64 @@ local function check_dcc (task)
-- Callback function to receive async result from DCC
local function cb(err, data)
- if (err) then
- logger.warnx(task, 'DCC error: %1', err)
- return
- end
- -- Parse the response
- local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n")
- logger.debugm(N, task, 'DCC result=%1 disposition=%2 header="%3"',
- result, disposition, header)
-
- if header then
- local _,_,info = header:find("; (.-)$")
- if (result == 'R') then
- -- Reject
- task:insert_result(symbol_bulk, 1.0, info)
- elseif (result == 'T') then
- -- Temporary failure
- logger.warnx(task, 'DCC returned a temporary failure result')
+
+ if err then
+ if retransmits > 0 then
+ retransmits = retransmits - 1
+ -- Select a different upstream or the socket again
+ if opts['servers'] then
+ upstream = dcc_upstream:get_upstream_round_robin()
+ addr = upstream:get_addr()
+ port = addr:get_port()
+ else
+ addr = opts['socket']
+ end
+
+ lua_util.debugm(N, task, "sending query to %s:%s",tostring(addr), port)
+
+ data = {
+ "header\n",
+ client .. "\n",
+ helo .. "\n",
+ envfrom .. "\n",
+ envrcpt .. "\n",
+ "\n",
+ task:get_content()
+ }
+
+ tcp.request({
+ task = task,
+ host = tostring(addr),
+ port = port or 1,
+ timeout = opts['timeout'] or 2.0,
+ shutdown = true,
+ data = data,
+ callback = cb
+ })
+
else
- if result ~= 'A' and result ~= 'G' and result ~= 'S' then
- -- Unknown result
- logger.warnx(task, 'DCC result error: %1', result);
+ rspamd_logger.errx(task, 'failed to scan, maximum retransmits exceed')
+ upstream:fail()
+ end
+ else
+ -- Parse the response
+ local _,_,result,disposition,header = tostring(data):find("(.-)\n(.-)\n(.-)\n")
+ lua_util.debugm(N, task, 'DCC result=%1 disposition=%2 header="%3"',
+ result, disposition, header)
+
+ if header then
+ local _,_,info = header:find("; (.-)$")
+ if (result == 'R') then
+ -- Reject
+ task:insert_result(symbol_bulk, 1.0, info)
+ elseif (result == 'T') then
+ -- Temporary failure
+ rspamd_logger.warnx(task, 'DCC returned a temporary failure result')
+ else
+ if result ~= 'A' and result ~= 'G' and result ~= 'S' then
+ -- Unknown result
+ rspamd_logger.warnx(task, 'DCC result error: %1', result);
+ end
end
end
end
@@ -112,13 +167,12 @@ local function check_dcc (task)
task:get_content()
}
- logger.debugm(N, task, 'sending to dcc: client=%1 helo="%2" envfrom="%3" envrcpt="%4"',
- client, helo, envfrom, envrcpt)
+ rspamd_logger.warnx(task, "sending to %s:%s",tostring(addr), port)
tcp.request({
task = task,
- host = opts['host'],
- port = opts['port'] or 1,
+ host = tostring(addr),
+ port = port or 1,
timeout = opts['timeout'] or 2.0,
shutdown = true,
data = data,
@@ -127,7 +181,7 @@ local function check_dcc (task)
end
-- Configuration
-if opts and opts['host'] then
+if opts and ( opts['servers'] or opts['socket'] ) then
rspamd_config:register_symbol({
name = symbol_bulk,
callback = check_dcc
@@ -141,5 +195,5 @@ if opts and opts['host'] then
})
else
lua_util.disable_module(N, "config")
- logger.infox('DCC module not configured');
+ rspamd_logger.infox('DCC module not configured');
end
From 39a49396e3572f48ba566912888a163fc750fff6 Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Wed, 26 Sep 2018 14:30:51 +0200
Subject: [PATCH 2/7] [Minor] Antivirus - rework upstream usage
---
src/plugins/lua/antivirus.lua | 212 +++++++++++++++++++---------------
1 file changed, 120 insertions(+), 92 deletions(-)
diff --git a/src/plugins/lua/antivirus.lua b/src/plugins/lua/antivirus.lua
index 46ea8c40d..976e521f4 100644
--- a/src/plugins/lua/antivirus.lua
+++ b/src/plugins/lua/antivirus.lua
@@ -35,8 +35,11 @@ antivirus {
# action = "reject";
# If set, then rejection message is set to this value (mention single quotes)
# message = '${SCANNER}: virus found: "${VIRUS}"';
- # if `true` only messages with non-image attachments will be checked (default true)
- attachments_only = true;
+ # Scan mime_parts seperately - otherwise the complete mail will be transfered to AV Scanner
+ #scan_mime_parts = true;
+ # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity)
+ #scan_text_mime = false;
+ #scan_image_mime = false;
# If `max_size` is set, messages > n bytes in size are not scanned
max_size = 20000000;
# symbol to add (add it to metric if you want non-zero weight)
@@ -126,7 +129,9 @@ end
local function clamav_config(opts)
local clamav_conf = {
- attachments_only = true,
+ scan_mime_parts = true;
+ scan_text_mime = false;
+ scan_image_mime = false;
default_port = 3310,
log_clean = false,
timeout = 15.0,
@@ -164,7 +169,9 @@ end
local function fprot_config(opts)
local fprot_conf = {
- attachments_only = true,
+ scan_mime_parts = true;
+ scan_text_mime = false;
+ scan_image_mime = false;
default_port = 10200,
timeout = 15.0,
log_clean = false,
@@ -202,7 +209,9 @@ end
local function sophos_config(opts)
local sophos_conf = {
- attachments_only = true,
+ scan_mime_parts = true;
+ scan_text_mime = false;
+ scan_image_mime = false;
default_port = 4010,
timeout = 15.0,
log_clean = false,
@@ -240,7 +249,9 @@ end
local function savapi_config(opts)
local savapi_conf = {
- attachments_only = true,
+ scan_mime_parts = true;
+ scan_text_mime = false;
+ scan_image_mime = false;
default_port = 4444, -- note: You must set ListenAddress in savapi.conf
product_id = 0,
log_clean = false,
@@ -378,30 +389,32 @@ local function fprot_check(task, content, digest, rule)
local function fprot_callback(err, data)
if err then
- if err == 'IO timeout' then
- if retransmits > 0 then
- retransmits = retransmits - 1
- -- Select a different upstream!
- upstream = rule.upstreams:get_upstream_round_robin()
- addr = upstream:get_addr()
- tcp.request({
- task = task,
- host = addr:to_string(),
- port = addr:get_port(),
- timeout = rule['timeout'],
- callback = fprot_callback,
- data = { header, content, footer },
- stop_pattern = '\n'
- })
- else
- rspamd_logger.errx(task, 'failed to scan, maximum retransmits exceed')
- task:insert_result(rule['symbol_fail'], 0.0, 'retransmits exceed')
- upstream:fail()
- end
+ -- set current upstream to fail because an error occurred
+ upstream:fail()
+
+ -- retry with another upstream until retransmits exceeds
+ if retransmits > 0 then
+
+ retransmits = retransmits - 1
+
+ -- Select a different upstream!
+ upstream = rule.upstreams:get_upstream_round_robin()
+ addr = upstream:get_addr()
+
+ lua_util.debugm(N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
+
+ tcp.request({
+ task = task,
+ host = addr:to_string(),
+ port = addr:get_port(),
+ timeout = rule['timeout'],
+ callback = fprot_callback,
+ data = { header, content, footer },
+ stop_pattern = '\n'
+ })
else
- rspamd_logger.errx(task, 'failed to scan: %s', err)
- task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan')
- upstream:fail()
+ rspamd_logger.errx(task, '%s [%s]: failed to scan, maximum retransmits exceed', rule['symbol'], rule['type'])
+ task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and retransmits exceed')
end
else
upstream:ok()
@@ -411,7 +424,7 @@ local function fprot_check(task, content, digest, rule)
if clean then
cached = 'OK'
if rule['log_clean'] then
- rspamd_logger.infox(task, '%s [%s]: message is clean', rule['symbol'], rule['type'])
+ rspamd_logger.infox(task, '%s [%s]: message or mime_part is clean', rule['symbol'], rule['type'])
end
else
-- returncodes: 1: infected, 2: suspicious, 3: both, 4-255: some error occured
@@ -461,32 +474,35 @@ local function clamav_check(task, content, digest, rule)
local function clamav_callback(err, data)
if err then
- if err == 'IO timeout' then
- if retransmits > 0 then
- retransmits = retransmits - 1
- -- Select a different upstream!
- upstream = rule.upstreams:get_upstream_round_robin()
- addr = upstream:get_addr()
- tcp.request({
- task = task,
- host = addr:to_string(),
- port = addr:get_port(),
- timeout = rule['timeout'],
- callback = clamav_callback,
- data = { header, content, footer },
- stop_pattern = '\0'
- })
- else
- rspamd_logger.errx(task, 'failed to scan, maximum retransmits exceed')
- task:insert_result(rule['symbol_fail'], 0.0, 'retransmits exceed')
- upstream:fail()
- end
+ -- set current upstream to fail because an error occurred
+ upstream:fail()
+
+ -- retry with another upstream until retransmits exceeds
+ if retransmits > 0 then
+
+ retransmits = retransmits - 1
+
+ -- Select a different upstream!
+ upstream = rule.upstreams:get_upstream_round_robin()
+ addr = upstream:get_addr()
+
+ lua_util.debugm(N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
+
+ tcp.request({
+ task = task,
+ host = addr:to_string(),
+ port = addr:get_port(),
+ timeout = rule['timeout'],
+ callback = clamav_callback,
+ data = { header, content, footer },
+ stop_pattern = '\0'
+ })
else
- rspamd_logger.errx(task, 'failed to scan: %s', err)
- task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan')
- upstream:fail()
+ rspamd_logger.errx(task, '%s [%s]: failed to scan, maximum retransmits exceed', rule['symbol'], rule['type'])
+ task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and retransmits exceed')
end
+
else
upstream:ok()
data = tostring(data)
@@ -495,9 +511,9 @@ local function clamav_check(task, content, digest, rule)
if data == 'stream: OK' then
cached = 'OK'
if rule['log_clean'] then
- rspamd_logger.infox(task, '%s [%s]: message is clean', rule['symbol'], rule['type'])
+ rspamd_logger.infox(task, '%s [%s]: message or mime_part is clean', rule['symbol'], rule['type'])
else
- lua_util.debugm(N, task, '%s [%s]: message is clean', rule['symbol'], rule['type'])
+ lua_util.debugm(N, task, '%s [%s]: message or mime_part is clean', rule['symbol'], rule['type'])
end
else
local vname = string.match(data, 'stream: (.+) FOUND')
@@ -547,12 +563,21 @@ local function sophos_check(task, content, digest, rule)
local function sophos_callback(err, data, conn)
if err then
- if err == 'IO timeout' then
+
+ -- set current upstream to fail because an error occurred
+ upstream:fail()
+
+ -- retry with another upstream until retransmits exceeds
if retransmits > 0 then
+
retransmits = retransmits - 1
+
-- Select a different upstream!
upstream = rule.upstreams:get_upstream_round_robin()
addr = upstream:get_addr()
+
+ lua_util.debugm(N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
+
tcp.request({
task = task,
host = addr:to_string(),
@@ -562,15 +587,9 @@ local function sophos_check(task, content, digest, rule)
data = { protocol, streamsize, content, bye }
})
else
- rspamd_logger.errx(task, 'failed to scan, maximum retransmits exceed')
- task:insert_result(rule['symbol_fail'], 0.0, 'retransmits exceed')
- upstream:fail()
+ rspamd_logger.errx(task, '%s [%s]: failed to scan, maximum retransmits exceed', rule['symbol'], rule['type'])
+ task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and retransmits exceed')
end
- else
- rspamd_logger.errx(task, 'failed to scan: %s', err)
- task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan')
- upstream:fail()
- end
else
upstream:ok()
data = tostring(data)
@@ -581,29 +600,35 @@ local function sophos_check(task, content, digest, rule)
else
if string.find(data, 'DONE OK') then
if rule['log_clean'] then
- rspamd_logger.infox(task, '%s [%s]: message is clean', rule['symbol'], rule['type'])
+ rspamd_logger.infox(task, '%s [%s]: message or mime_part is clean', rule['symbol'], rule['type'])
end
save_av_cache(task, digest, rule, 'OK')
+ -- not finished - continue
+ elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then
+ conn:add_read(sophos_callback)
+ -- set pseudo virus if configured, else do nothing since it's no fatal
elseif string.find(data, 'FAIL 0212') then
+ rspamd_logger.infox(task, 'Message is ENCRYPTED (0212 SOPHOS_SAVI_ERROR_FILE_ENCRYPTED): %s', data)
if rule['savdi_report_encrypted'] then
- rspamd_logger.infox(task, 'Message is ENCRYPTED (0212 SOPHOS_SAVI_ERROR_FILE_ENCRYPTED): %s', data)
yield_result(task, rule, "SAVDI_FILE_ENCRYPTED")
save_av_cache(task, digest, rule, "SAVDI_FILE_ENCRYPTED")
end
+ -- set pseudo virus if configured, else do nothing since it's no fatal
elseif string.find(data, 'REJ 4') then
if rule['savdi_report_oversize'] then
rspamd_logger.infox(task, 'Message is OVERSIZED (SSSP reject code 4): %s', data)
- yield_result(task, digest, rule, "SAVDI_FILE_OVERSIZED")
+ yield_result(task, rule, "SAVDI_FILE_OVERSIZED")
save_av_cache(task, digest, rule, "SAVDI_FILE_OVERSIZED")
end
+ -- excplicitly set REJ1 message when SAVDIreports a protocol error
elseif string.find(data, 'REJ 1') then
rspamd_logger.errx(task, 'SAVDI (Protocol error (REJ 1)): %s', data)
- elseif string.find(data, 'ACC') or string.find(data, 'OK SSSP') then
- conn:add_read(sophos_callback)
+ task:insert_result(rule['symbol_fail'], 0.0, 'SAVDI (Protocol error (REJ 1)):' .. data)
else
rspamd_logger.errx(task, 'unhandled response: %s', data)
task:insert_result(rule['symbol_fail'], 0.0, 'unhandled response')
end
+
end
end
end
@@ -666,7 +691,7 @@ local function savapi_check(task, content, digest, rule)
-- Terminal response - clean
if string.find(result, '200') or string.find(result, '210') then
if rule['log_clean'] then
- rspamd_logger.infox(task, '%s: message is clean', rule['type'])
+ rspamd_logger.infox(task, '%s: message or mime_part is clean', rule['type'])
end
save_av_cache(task, digest, rule, 'OK')
conn:add_write(savapi_fin_cb, 'QUIT\n')
@@ -715,29 +740,32 @@ local function savapi_check(task, content, digest, rule)
local function savapi_callback_init(err, data, conn)
if err then
- if err == 'IO timeout' then
- if retransmits > 0 then
- retransmits = retransmits - 1
- -- Select a different upstream!
- upstream = rule.upstreams:get_upstream_round_robin()
- addr = upstream:get_addr()
- tcp.request({
- task = task,
- host = addr:to_string(),
- port = addr:get_port(),
- timeout = rule['timeout'],
- callback = savapi_callback_init,
- stop_pattern = {'\n'},
- })
- else
- rspamd_logger.errx(task, 'failed to scan, maximum retransmits exceed')
- upstream:fail()
- task:insert_result(rule['symbol_fail'], 0.0, 'retransmits exceed')
- end
+
+ -- set current upstream to fail because an error occurred
+ upstream:fail()
+
+ -- retry with another upstream until retransmits exceeds
+ if retransmits > 0 then
+
+ retransmits = retransmits - 1
+
+ -- Select a different upstream!
+ upstream = rule.upstreams:get_upstream_round_robin()
+ addr = upstream:get_addr()
+
+ lua_util.debugm(N, task, '%s [%s]: retry IP: %s', rule['symbol'], rule['type'], addr)
+
+ tcp.request({
+ task = task,
+ host = addr:to_string(),
+ port = addr:get_port(),
+ timeout = rule['timeout'],
+ callback = savapi_callback_init,
+ stop_pattern = {'\n'},
+ })
else
- rspamd_logger.errx(task, 'failed to scan: %s', err)
- task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan')
- upstream:fail()
+ rspamd_logger.errx(task, '%s [%s]: failed to scan, maximum retransmits exceed', rule['symbol'], rule['type'])
+ task:insert_result(rule['symbol_fail'], 0.0, 'failed to scan and retransmits exceed')
end
else
upstream:ok()
From bb58fb5440a4bc4dc02abbf7f61faa9bf01f17b6 Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Wed, 26 Sep 2018 14:31:47 +0200
Subject: [PATCH 3/7] [Minor] Antivirus - configureable mime_part scanning
---
conf/modules.d/antivirus.conf | 8 ++++++--
src/plugins/lua/antivirus.lua | 10 ++++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/conf/modules.d/antivirus.conf b/conf/modules.d/antivirus.conf
index 16f38fbda..803820dbb 100644
--- a/conf/modules.d/antivirus.conf
+++ b/conf/modules.d/antivirus.conf
@@ -18,8 +18,12 @@ antivirus {
clamav {
# If set force this action if any virus is found (default unset: no action is forced)
# action = "reject";
- # if `true` only messages with non-image attachments will be checked (default true)
- attachments_only = true;
+ # message = '${SCANNER}: virus found: "${VIRUS}"';
+ # Scan mime_parts seperately - otherwise the complete mail will be transfered to AV Scanner
+ #scan_mime_parts = true;
+ # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity)
+ #scan_text_mime = false;
+ #scan_image_mime = false;
# If `max_size` is set, messages > n bytes in size are not scanned
#max_size = 20000000;
# symbol to add (add it to metric if you want non-zero weight)
diff --git a/src/plugins/lua/antivirus.lua b/src/plugins/lua/antivirus.lua
index 976e521f4..047035fc1 100644
--- a/src/plugins/lua/antivirus.lua
+++ b/src/plugins/lua/antivirus.lua
@@ -871,11 +871,17 @@ local function add_antivirus_rule(sym, opts)
end
return function(task)
- if rule.attachments_only then
+ if rule.scan_mime_parts then
local parts = task:get_parts() or {}
for _,p in ipairs(parts) do
- if not p:is_image() and not p:is_text() and not p:is_multipart() then
+ if (
+ (p:is_image() and rule.scan_image_mime)
+ or (p:is_text() and rule.scan_text_mime)
+ or (p:is_multipart() and rule.scan_text_mime)
+ or (not p:is_image() and not p:is_text() and not p:is_multipart())
+ ) then
+
local content = p:get_content()
if content and #content > 0 then
From 02bcd241a401e8777ecd28fdec65a0f50efac431 Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Fri, 28 Sep 2018 10:24:26 +0200
Subject: [PATCH 4/7] [Minor] Antivirus - workaround for removed
attachments_only
---
src/plugins/lua/antivirus.lua | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/plugins/lua/antivirus.lua b/src/plugins/lua/antivirus.lua
index 047035fc1..760a26dcc 100644
--- a/src/plugins/lua/antivirus.lua
+++ b/src/plugins/lua/antivirus.lua
@@ -829,6 +829,14 @@ local function add_antivirus_rule(sym, opts)
opts['symbol_fail'] = string.upper(opts['type']) .. '_FAIL'
end
+ -- WORKAROUND for deprecated attachments_only
+ if opts['attachments_only'] ~= nil then
+ opts['scan_mime_parts'] = opts['attachments_only']
+ rspamd_logger.warnx(rspamd_config, '%s [%s]: Using attachments_only is deprecated. '..
+ 'Please use scan_mime_parts = %s instead', opts['symbol'], opts['type'], opts['attachments_only'])
+ end
+ -- WORKAROUND for deprecated attachments_only
+
if not cfg then
rspamd_logger.errx(rspamd_config, 'unknown antivirus type: %s',
opts['type'])
From 455af155e37c9a942f5ca6e78d8dc636d355df47 Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Fri, 28 Sep 2018 10:25:33 +0200
Subject: [PATCH 5/7] [Minor] Antivirus - Sophos config and loggins
---
src/plugins/lua/antivirus.lua | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/plugins/lua/antivirus.lua b/src/plugins/lua/antivirus.lua
index 760a26dcc..5080a1c2a 100644
--- a/src/plugins/lua/antivirus.lua
+++ b/src/plugins/lua/antivirus.lua
@@ -218,6 +218,8 @@ local function sophos_config(opts)
retransmits = 2,
cache_expire = 3600, -- expire redis in one hour
message = default_message,
+ savdi_report_encrypted = false,
+ savdi_report_oversize = false,
}
for k,v in pairs(opts) do
@@ -593,6 +595,7 @@ local function sophos_check(task, content, digest, rule)
else
upstream:ok()
data = tostring(data)
+ lua_util.debugm(N, task, '%s [%s]: got reply: %s', rule['symbol'], rule['type'], data)
local vname = string.match(data, 'VIRUS (%S+) ')
if vname then
yield_result(task, rule, vname)
@@ -601,6 +604,8 @@ local function sophos_check(task, content, digest, rule)
if string.find(data, 'DONE OK') then
if rule['log_clean'] then
rspamd_logger.infox(task, '%s [%s]: message or mime_part is clean', rule['symbol'], rule['type'])
+ else
+ lua_util.debugm(N, task, '%s [%s]: message or mime_part is clean', rule['symbol'], rule['type'])
end
save_av_cache(task, digest, rule, 'OK')
-- not finished - continue
@@ -613,12 +618,15 @@ local function sophos_check(task, content, digest, rule)
yield_result(task, rule, "SAVDI_FILE_ENCRYPTED")
save_av_cache(task, digest, rule, "SAVDI_FILE_ENCRYPTED")
end
- -- set pseudo virus if configured, else do nothing since it's no fatal
+ -- set pseudo virus if configured, else set fail since part was not scanned
elseif string.find(data, 'REJ 4') then
if rule['savdi_report_oversize'] then
- rspamd_logger.infox(task, 'Message is OVERSIZED (SSSP reject code 4): %s', data)
+ rspamd_logger.infox(task, 'SAVDI: Message is OVERSIZED (SSSP reject code 4): %s', data)
yield_result(task, rule, "SAVDI_FILE_OVERSIZED")
save_av_cache(task, digest, rule, "SAVDI_FILE_OVERSIZED")
+ else
+ rspamd_logger.errx(task, 'SAVDI: Message is OVERSIZED (SSSP reject code 4): %s', data)
+ task:insert_result(rule['symbol_fail'], 0.0, 'Message is OVERSIZED (SSSP reject code 4):' .. data)
end
-- excplicitly set REJ1 message when SAVDIreports a protocol error
elseif string.find(data, 'REJ 1') then
From 21d9f2d8539c652e0641e114312fbcb70d10a115 Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Fri, 28 Sep 2018 13:34:38 +0200
Subject: [PATCH 6/7] [Fix] DCC - luacheck
---
src/plugins/lua/dcc.lua | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/plugins/lua/dcc.lua b/src/plugins/lua/dcc.lua
index aa3838bcb..30584e1e0 100644
--- a/src/plugins/lua/dcc.lua
+++ b/src/plugins/lua/dcc.lua
@@ -25,7 +25,6 @@ local lua_util = require "lua_util"
local tcp = require "rspamd_tcp"
local upstream_list = require "rspamd_upstream_list"
local fun = require "fun"
-local lua_util = require "lua_util"
if confighelp then
rspamd_config:add_example(nil, 'dcc',
@@ -44,10 +43,10 @@ local function check_dcc (task)
-- Connection
local client = '0.0.0.0'
local client_ip = task:get_from_ip()
- local dcc_upstream = nil
- local upstream = nil
- local addr = nil
- local port = nil
+ local dcc_upstream
+ local upstream
+ local addr
+ local port
local retransmits = 2
if opts['servers'] then
From 6c4c2662c2c44222d4205db839d7f2d1566b9a78 Mon Sep 17 00:00:00 2001
From: Carsten Rosenberg <c.rosenberg@heinlein-support.de>
Date: Fri, 28 Sep 2018 16:49:11 +0200
Subject: [PATCH 7/7] [Minor] DCC - add workaround for old host and port
settings
---
src/plugins/lua/dcc.lua | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/plugins/lua/dcc.lua b/src/plugins/lua/dcc.lua
index 30584e1e0..311dc608e 100644
--- a/src/plugins/lua/dcc.lua
+++ b/src/plugins/lua/dcc.lua
@@ -180,6 +180,20 @@ local function check_dcc (task)
end
-- Configuration
+
+-- WORKAROUND for deprecated host and port settings
+if opts['host'] ~= nil and opts['port'] ~= nil then
+ opts['servers'] = opts['host'] .. ':' .. opts['port']
+ rspamd_logger.warnx(rspamd_config, 'Using host and port parameters is deprecated. '..
+ 'Please use servers = "%s:%s"; instead', opts['host'], opts['port'])
+end
+if opts['host'] ~= nil and not opts['port'] then
+ opts['socket'] = opts['host']
+ rspamd_logger.warnx(rspamd_config, 'Using host parameters is deprecated. '..
+ 'Please use socket = "%s"; instead', opts['host'])
+end
+-- WORKAROUND for deprecated host and port settings
+
if opts and ( opts['servers'] or opts['socket'] ) then
rspamd_config:register_symbol({
name = symbol_bulk,

3
rspamd-1.8.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5ced34abe666dba2cf36decbcfb554284016d71fd196852d4ca380cbdf7d06d3
size 4242518

3
rspamd-1.8.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cd25dab6fbd2b20b3bf0c871b133d08a5107696e012c798c6e93cd9e53537555
size 4286637