This repository contains an updated Lua-Module for the RSpamd Spam-Filtering System. It is more robust and evaluates more return codes from the SAVAPI scanner.
Git fdd9ffd5fed2b2c22d300cd211c2e2020c6ef1bb
The old code used string comparison to decide on the return code of the SAVAPI antivirus scanner. However the return string from SAVAPI could also contain other text such as the filename of an infected file. If that filename contained a number that is also a valid returncode (example: Buy 200000 v*** pills on this website) and because the return code “200” (not infected) is evaluated first before other return codes, an infected mail could have been passed as not infected.
Git b66be7ebdde9e1cc9a96aee243e6e6116e8abb1d
The Savapi module can now handle additional terminal return codes
| Return Code | Description |
|---|---|
| 220 | connection timeout |
| 350 | unspecified error, additional details in the SAVAPI scanner log |
| 404 | too many clients connected |
Git 1d294b064f97abee587c9d02fc9d065e67848a88
The Savapi module can now handle additional non-terminal return codes
| Return Code | Description |
|---|---|
| 421 | Microsoft OLE Document found |
| 422 | Microsoft OLE Document with Macros found |
| 423 | Microsoft OLE Document with Autostart-Macros found |
| 430 | Altert URL (URL to a page with additional information) |
| 450 | Plugin response |
| 499,100 | Information from SAVAPI |
| ??? | Unknow SAVAPI returncode |