1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-25 02:29:32 +02:00

Add mraptor to rspamd

This commit is contained in:
andryyy 2017-02-18 20:29:15 +01:00
parent f6241619df
commit f13df1ec46
2 changed files with 39 additions and 1 deletions

View File

@ -12,12 +12,14 @@ RUN dpkg-divert --local --rename --add /sbin/initctl \
RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
&& echo "deb http://rspamd.com/apt-stable/ xenial main" > /etc/apt/sources.list.d/rspamd.list \
&& apt-get update \
&& apt-get -y install rspamd ca-certificates
&& apt-get -y install rspamd ca-certificates python-pip
RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local
# "Hardcoded" - we need them
RUN echo 'settings = "http://nginx:8081/settings.php";' > /etc/rspamd/modules.d/settings.conf
RUN pip install -U oletools
CMD ["/usr/bin/rspamd","-f", "-u", "_rspamd", "-g", "_rspamd"]
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

View File

@ -74,3 +74,39 @@ rspamd_config.ADD_DELIMITER_TAG = {
return false
end
}
rspamd_config.MRAPTOR = {
callback = function(task)
local parts = task:get_parts()
local rspamd_logger = require "rspamd_logger"
local rspamd_regexp = require "rspamd_regexp"
if parts then
for _,p in ipairs(parts) do
local mtype,subtype = p:get_type()
local re = rspamd_regexp.create_cached('/(office|word|excel)/i')
if re:match(subtype) then
local content = tostring(p:get_content())
local filename = p:get_filename()
local file = os.tmpname()
f = io.open(file, "a+")
f:write(content)
f:close()
local scan = assert(io.popen('PATH=/usr/bin:/usr/local/bin mraptor ' .. file .. '> /dev/null 2>&1; echo $?', 'r'))
local result = scan:read('*all')
local exit_code = string.match(result, "%d+")
rspamd_logger.infox(exit_code)
scan:close()
if exit_code == "20" then
rspamd_logger.infox("Reject dangerous macro in office file " .. filename)
task:set_pre_result(rspamd_actions['reject'], 'Dangerous macro in office file ' .. filename)
end
end
end
end
end
}