msys.expurgate.scan

March 26, 2020 Contributors

Name

msys.expurgate.scan — Scan using the Eleven antivirus engine

Synopsis

msys.expurgate.scan(msg, accept, vctx);

msg: userdata, ec_message type
accept: userdata, accept_construct type
vctx: userdata, validate_context type

Description

You must load and correctly configure the eleven module before using this function. Be sure to set the module option Enabled to false. This function can be invoked at the data, spool or each_rcpt phases where there is a complete message. It will not work at the connect, ehlo, mailfrom or rcptto phases. msg is the email to be scored; accept is the accept_construct and vctx is the validation context. Use this function to scan the mail. The scan result is a tuple consisting of the following: major-type-string, minor-type-string, major-type-int, minor-type-int.

String values for major type:

  • unknown

  • clean

  • suspect

  • spam

  • bulk

  • dangerous

String values for minor type:

  • normal

  • empty

  • empty-body

  • almost-empty

  • bounce

  • advertisement

  • porn

  • virus

  • attachment

  • code

  • iframe

  • outbreak

  • url

  • url-count

  • mail-count

  • sender

Integer values for major type:

  • msys.expurgate.TYPE_UNKNOWN

  • msys.expurgate.TYPE_CLEAN

  • msys.expurgate.TYPE_SUSPECT

  • msys.expurgate.TYPE_SPAM

  • msys.expurgate.TYPE_BULK

  • msys.expurgate.TYPE_DANGEROUS

Integer values for minor type:

  • msys.expurgate.SUBTYPE_NORMAL

  • msys.expurgate.SUBTYPE_CLEAN_EMPTY

  • msys.expurgate.SUBTYPE_CLEAN_ALMOST_EMPTY

  • msys.expurgate.SUBTYPE_CLEAN_EMPTY_BODY

  • msys.expurgate.SUBTYPE_CLEAN_BOUNCE

  • msys.expurgate.SUBTYPE_BULK_ADV

  • msys.expurgate.SUBTYPE_BULK_PORN

  • msys.expurgate.SUBTYPE_DANGEROUS_VIRUS

  • msys.expurgate.SUBTYPE_DANGEROUS_ATTACHMENT

  • msys.expurgate.SUBTYPE_DANGEROUS_CODE

  • msys.expurgate.SUBTYPE_DANGEROUS_IFRAME

  • msys.expurgate.SUBTYPE_DANGEROUS_OUTBREAK

  • msys.expurgate.SUBTYPE_SUSPECT_URL

  • msys.expurgate.SUBTYPE_SUSPECT_URL_COUNT

  • msys.expurgate.SUBTYPE_SUSPECT_MAIL_COUNT

  • msys.expurgate.SUBTYPE_SUSPECT_SENDER

  • msys.expurgate.SUBTYPE_SUSPECT_USER1

  • msys.expurgate.SUBTYPE_SUSPECT_USER2

  • msys.expurgate.SUBTYPE_SUSPECT_USER3

  • msys.expurgate.SUBTYPE_SUSPECT_USER4

  • msys.expurgate.SUBTYPE_SUSPECT_USER5

  • msys.expurgate.SUBTYPE_SUSPECT_USER6

  • msys.expurgate.SUBTYPE_SUSPECT_USER7

  • msys.expurgate.SUBTYPE_SUSPECT_USER8

  • msys.expurgate.SUBTYPE_SUSPECT_USER9

The major and minor types are also set within the validation context (VCTX_MESS). Look them up using the following keys:

  • eleven-majorscore is mapped to major type’s integer value (in string format).

  • eleven-result is mapped to major type’s string value.

  • eleven-minorscore is mapped to minor type’s integer value (in string format).

  • eleven-result-subtype is mapped to minor type’s string value.

require("msys.core")
require("msys.extended.message")
require("msys.expurgate")

local function evaluate(vctx, major, minor, major_str, minor_str)
  if major == msys.expurgate.TYPE_CLEAN
    or major == msys.expurgate.TYPE_BULK and minor == msys.expurgate.SUBTYPE_NORMAL then
    return msys.core.VALIDATE_CONT
  else
    vctx:set_code(550, major_str .. "/" .. minor_str .. ":" .. major .. "/" .. minor)
    return msys.core.VALIDATE_DONE
  end
end

local function scan(msg, ac, vctx)
  local a, b, c, d;
  local l, m, n, o;

  msys.expurgate.scan();
  msys.expurgate.scan(nil);
  msys.expurgate.scan(nil, nil);
  msys.expurgate.scan(nil, nil, nil);

  a, b, c, d = msys.expurgate.scan();
  l, m, n, o = msys.expurgate.scan(msg, accept, ctx)

  if a ~= l or b ~= m or c ~= n or d ~= o then
    error("inconsistent return values");
  end

  return a, b, c, d;
end

local mod = {};
function mod:validate_data(msg, accept, vctx)
  local major_type, minor_type, major_str, minor_str = scan(msg, accept, ctx)
  print ("major/minor", major_type .. "/" .. minor_type)
  return evaluate(vctx, major_type, minor_type, major_str, minor_str)
end
msys.registerModule("test_scan", mod);

Enable this function with the statement require('msys.expurgate');.

See Also

“eleven – Module”