[Feature] lua_scanners - Avast Rest API support #4284
Conversation
| lua_util.debugm(rule.name, task, '%s: retry IP: %s:%s', | ||
| rule.log_prefix, addr, addr:get_port()) | ||
|
|
||
| http.request(request_data) |
There was a problem hiding this comment.
I'd also suggest to add upstream to request_data as it will simplify handling. You might also need to remove all calls to upstream:ok and upstream:fail as that will be handled internally by lua_http module.
There was a problem hiding this comment.
Thanks for you review and your suggestions. And sorry for my late response.
I have missed your commits about the http upstreams :)
I will adopt to http_upstreams_by_url, but I need a 3.3 test system with avast first.
| requery() | ||
| else | ||
| -- Parse the response | ||
| if upstream then upstream:ok() end |
| common.yield_result(task, rule, string.format('Bad HTTP code: %s', code), 1.0, 'fail', maybe_part) | ||
| return | ||
| end | ||
| local data = string.gsub(tostring(body), '[\r\n%s]$', '') |
There was a problem hiding this comment.
Why do we need that? It copies the text and I see no point in that, as you subsequently parse it via ucl module. It is also redundant for debugging purposes as Rspamd has a way to fix that. So I'd suggest to remove that completely.
| rule.log_prefix, data) | ||
|
|
||
| local ucl_parser = ucl.parser() | ||
| local ok, ucl_err = ucl_parser:parse_string(tostring(body)) |
There was a problem hiding this comment.
Same here, double tostring is double copy and interning. Please remove it for performance and sanity by replacing parse_string with parse_text.
| lua_util.debugm(N, task, '%s: JSON OBJECT - %s', rule.log_prefix, result) | ||
|
|
||
| local threat_tbl = {} | ||
| if result and result.issues and #result.issues > 0 then |
There was a problem hiding this comment.
| if result and result.issues and #result.issues > 0 then | |
| if result and type(result.issues) == 'table' and result.issues[1] then |
| threat_tbl['WARN:'..r.warning_str] = 'fail' | ||
| end | ||
| else | ||
| rspamd_logger.warnx(task, '%s: generic warning: id: %s - msg: %s', |
There was a problem hiding this comment.
| rspamd_logger.warnx(task, '%s: generic warning: id: %s - msg: %s', | |
| rspamd_logger.messagex(task, '%s: generic warning: id: %s - msg: %s', |
| end | ||
| end | ||
|
|
||
| if lua_util.nkeys(threat_tbl) > 0 then |
There was a problem hiding this comment.
| if lua_util.nkeys(threat_tbl) > 0 then | |
| if next(threat_tbl) then |
| @@ -381,7 +381,8 @@ local function gen_extension(fname) | |||
|
|
|||
| local ext = {} | |||
| for n = 1, 2 do | |||
| ext[n] = #filename_parts > n and string.lower(filename_parts[#filename_parts + 1 - n]) or nil | |||
| ext[n] = #filename_parts > n | |||
| and string.lower(string.gsub(filename_parts[#filename_parts + 1 - n],'[%c%s%p]','')) or nil | |||
There was a problem hiding this comment.
Could you please add a descriptive comment of what you are changing here. For me, it is not very intuitive atm.
|
|
||
| local filename | ||
| if rule.use_files then | ||
| filename = string.format('%s/%s.tmp', |
There was a problem hiding this comment.
| filename = string.format('%s/%s.tmp', | |
| filename = string.format('%s/%s.tmp.ravast', |
To help detecting file leaks if any...
|
|
||
| local request_data = { | ||
| task = task, | ||
| timeout = rule.timeout, |
There was a problem hiding this comment.
| timeout = rule.timeout, | |
| timeout = rule.timeout, | |
| upstream = upstream, |
|
Test failure is irrelevant. |
|
Any news on this? We would be very happy to see this feature in rspamd :) |
|
Get error using this script: Get back to avast unix socket way. |
|
Any news on this? We would be very happy to see this feature in rspamd :) |
|
Is there anything new here yet? If it works via the socket, then it would be great if the example could be adapted, I would be happy if Avast would work with rspamd. |
Add support for the Rest API of Avast Business Antivirus for Linux.
https://businesshelp.avast.com/Content/Products/AfB_Antivirus/Linux/InstallingAvastBusinessAntivirusLinux.htm