msys.expurgate.scan
Name
msys.expurgate.scan — Scan using the Eleven antivirus engine
Synopsis
msys.expurgate.scan(msg, accept, vctx);
msg: userdata, ec_message type accept: userdata, accept_construct type vctx: userdata, validate_context type
Description
Use this function to scan the mail. You must load and correctly configure the eleven module before using this function. Be sure to set the eleven module option Enabled to false. For details, see “eleven – Eleven eXpurgate Content Scanning”.
It can be invoked at the data, spool, or each_rcpt phases where there is a complete message. It will not work at the connect, ehlo, mailfrom, or rcptto phases.
Enable this function with the statement require('msys.expurgate');.
It takes the following parameters:
-
msg– Email to be scored -
accept– accept_construct -
vctx– Validation context
The scan result is a tuple consisting of the following:
-
major-type-string– String values for major type:-
unknown
-
clean
-
suspect
-
spam
-
bulk
-
dangerous
-
-
minor-type-string– String values for minor type:-
normal
-
empty
-
empty-body
-
almost-empty
-
bounce
-
advertisement
-
porn
-
virus
-
attachment
-
code
-
iframe
-
outbreak
-
url
-
url-count
-
mail-count
-
sender
-
-
major-type-int– Integer values for major type:-
msys.expurgate.TYPE_UNKNOWN
-
msys.expurgate.TYPE_CLEAN
-
msys.expurgate.TYPE_SUSPECT
-
msys.expurgate.TYPE_SPAM
-
msys.expurgate.TYPE_BULK
-
msys.expurgate.TYPE_DANGEROUS
-
-
minor-type-int– Integer values for minor type:-
msys.expurgate.SUBTYPE_NORMAL
-
msys.expurgate.SUBTYPE_CLEAN_EMPTY
-
msys.expurgate.SUBTYPE_CLEAN_ALMOST_EMPTY
-
msys.expurgate.SUBTYPE_CLEAN_EMPTY_BODY
-
msys.expurgate.SUBTYPE_CLEAN_BOUNCE
-
msys.expurgate.SUBTYPE_BULK_ADV
-
msys.expurgate.SUBTYPE_BULK_PORN
-
msys.expurgate.SUBTYPE_DANGEROUS_VIRUS
-
msys.expurgate.SUBTYPE_DANGEROUS_ATTACHMENT
-
msys.expurgate.SUBTYPE_DANGEROUS_CODE
-
msys.expurgate.SUBTYPE_DANGEROUS_IFRAME
-
msys.expurgate.SUBTYPE_DANGEROUS_OUTBREAK
-
msys.expurgate.SUBTYPE_SUSPECT_URL
-
msys.expurgate.SUBTYPE_SUSPECT_URL_COUNT
-
msys.expurgate.SUBTYPE_SUSPECT_MAIL_COUNT
-
msys.expurgate.SUBTYPE_SUSPECT_SENDER
-
msys.expurgate.SUBTYPE_SUSPECT_USER1
-
msys.expurgate.SUBTYPE_SUSPECT_USER2
-
msys.expurgate.SUBTYPE_SUSPECT_USER3
-
msys.expurgate.SUBTYPE_SUSPECT_USER4
-
msys.expurgate.SUBTYPE_SUSPECT_USER5
-
msys.expurgate.SUBTYPE_SUSPECT_USER6
-
msys.expurgate.SUBTYPE_SUSPECT_USER7
-
msys.expurgate.SUBTYPE_SUSPECT_USER8
-
msys.expurgate.SUBTYPE_SUSPECT_USER9
-
The major and minor types are also set within the validation context (VCTX_MESS). Look them up using the following keys:
-
eleven-majorscoreis mapped to major type's integer value (in string format). -
eleven-resultis mapped to major type's string value. -
eleven-minorscoreis mapped to minor type's integer value (in string format). -
eleven-result-subtypeis mapped to minor type's string value.
require("msys.core")
require("msys.extended.message")
require("msys.expurgate")
local function evaluate(vctx, major, minor, major_str, minor_str)
if major == msys.expurgate.TYPE_CLEAN
or major == msys.expurgate.TYPE_BULK and minor == msys.expurgate.SUBTYPE_NORMAL then
return msys.core.VALIDATE_CONT
else
vctx:set_code(550, major_str .. "/" .. minor_str .. ":" .. major .. "/" .. minor)
return msys.core.VALIDATE_DONE
end
end
local function scan(msg, ac, vctx)
local a, b, c, d;
local l, m, n, o;
msys.expurgate.scan();
msys.expurgate.scan(nil);
msys.expurgate.scan(nil, nil);
msys.expurgate.scan(nil, nil, nil);
a, b, c, d = msys.expurgate.scan();
l, m, n, o = msys.expurgate.scan(msg, accept, ctx)
if a ~= l or b ~= m or c ~= n or d ~= o then
error("inconsistent return values");
end
return a, b, c, d;
end
local mod = {};
function mod:validate_data(msg, accept, vctx)
local major_type, minor_type, major_str, minor_str = scan(msg, accept, ctx)
print ("major/minor", major_type .. "/" .. minor_type)
return evaluate(vctx, major_type, minor_type, major_str, minor_str)
end
msys.registerModule("test_scan", mod);