rewrite subject: different subject for spam and virus

Groups Discussion

Mar 16, 2017, 9:24:12 AM
to rspamd
Hi,

I would like to rewrite subject in different ways for spam and virus,

I have this configuration:

/etc/rspamd/override.d/metrics.conf 

subject = "*** SPAM *** %s ";

actions {
    reject = 150;
    rewrite_subject = 6;
    greylist = 4;
}

/etc/rspamd/local.d/antivirus.conf 
clamav {
  action = "add header";
  attachments_only = true;
  symbol = "CLAM_VIRUS";
  type = "clamav";
  servers = "/var/run/clamav/clamd.ctl";
  patterns {
    JUST_EICAR = "^Eicar-Test-Signature$";
  }
  whitelist = "/etc/rspamd/antivirus.wl";
}

/etc/rspamd/local.d/force_actions.conf 

rules {
  VIRUS {
    action = "rewrite subject";
    expression = "CLAM_VIRUS | JUST_EICAR";
    subject = "*** VIRUS *** %s ";
  }
}

but rspamd segfaults:

[18586.680631] rspamd[4953]: segfault at 0 ip           (null) sp 00007ffdca1547c8 error 14 in rspamd[400000+6de000]
[18588.756723] rspamd[4954]: segfault at 0 ip           (null) sp 00007ffdca1547c8 error 14 in rspamd[400000+6de000]
[18590.831092] rspamd[4955]: segfault at 0 ip           (null) sp 00007ffdca1547c8 error 14 in rspamd[400000+6de000]
[18592.918595] rspamd[4956]: segfault at 0 ip           (null) sp 00007ffdca1547c8 error 14 in rspamd[400000+6de000]

if you want I can try to get a coredump but I think this should be easy to reproduce

is there something wrong with my config or is this a bug in rspamd?

thanks!

Andrew Lewis

Mar 16, 2017, 9:34:29 AM
to rsp...@googlegroups.com

Quoting Groups Discussion <drakk...@gmail.com>:

> is there something wrong with my config or is this a bug in rspamd?

Config looks fine. Smells like a bug in something; I was unable to
reproduce it however.

Best,
-AL.

Groups Discussion

Mar 16, 2017, 6:46:53 PM
to rspamd
Here is the backtrace:

Thread 1 (Thread 0x7f2ae623b780 (LWP 1572)):
#0  rspamd_icase_hash (in=0x616e6769532d7473 <error: Cannot access memory at address 0x616e6769532d7473>, 
    len=<optimized out>, seed=<optimized out>) at /rspamd-1.5.2/src/libutil/str_util.c:206
#1  0x0000000000547d18 in rspamd_ftok_icase_hash (key=0x402ffb08) at /rspamd-1.5.2/src/libutil/str_util.c:288
#2  0x00007f2ae4880ba3 in g_hash_table_lookup () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00000000004c739b in lua_map_get_key (L=0x4094b378) at /rspamd-1.5.2/src/lua/lua_map.c:608
#4  0x000000000097cea7 in lj_BC_FUNCC ()
#5  0x000000000096bf0d in lua_pcall ()
#6  0x00000000004d02fc in lua_redis_push_data.isra.4 (sp_ud=0x7f2ade039b50, r=0x7f2ade2987f0)
    at /rspamd-1.5.2/src/lua/lua_redis.c:321
#7  lua_redis_callback (c=<optimized out>, r=0x7f2ade2987f0, priv=0x7f2ade039b50)
    at /rspamd-1.5.2/src/lua/lua_redis.c:372
#8  0x000000000047a466 in __redisRunCallback () at /rspamd-1.5.2/contrib/hiredis/async.c:271
#9  redisProcessCallbacks (ac=0x7f2ade10d100) at /rspamd-1.5.2/contrib/hiredis/async.c:472
#10 0x00007f2ae439f4c9 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
#11 0x00000000004de218 in start_worker (worker=0x7f2ade2a3300) at /rspamd-1.5.2/src/worker.c:643
#12 0x0000000000470373 in rspamd_fork_worker (rspamd_main=0x7f2ade064080, cf=0x7f2ade043810, index=0, 
    ev_base=<optimized out>) at /rspamd-1.5.2/src/libserver/worker_util.c:607
#13 0x00000000004df943 in spawn_worker_type (rspamd_main=0x7f2ade064080, ev_base=0x7f2ade0ae980, cf=0x7f2ade043810)
    at /rspamd-1.5.2/src/rspamd.c:521
#14 0x00000000004dfbfa in spawn_workers (rspamd_main=rspamd_main@entry=0x7f2ade064080, 
    ev_base=ev_base@entry=0x7f2ade0ae980) at /rspamd-1.5.2/src/rspamd.c:605
#15 0x000000000043e7d4 in main (argc=1, argv=0x7ffd5245eb48, env=<optimized out>) at /rspamd-1.5.2/src/rspamd.c:1376

Groups Discussion

Mar 17, 2017, 7:12:12 PM
to rspamd
This crash is fixed in 1.5.3,

anyway my config does not work. If I send a message with the eicar test virus attached I get these headers:

X-Spamd-Result: default: False [5.00 / 150.00]
 MIME_ARCHIVE_IN_ARCHIVE(5.00)[zip]
 HAS_ORG_HEADER(0.00)[]
 HAS_ATTACHMENT(0.00)[]
 REPLYTO_ADDR_EQ_FROM(0.00)[]
 JUST_EICAR(0.00)[Eicar-Test-Signature]
 FROM_EQ_ENVFROM(0.00)[]
 MIME_GOOD(-0.10)[multipart/mixed, text/plain]
 TO_MATCH_ENVRCPT_ALL(0.00)[]
 TO_DN_ALL(0.00)[]
 MIME_UNKNOWN(0.10)[application/x-zip]
 MID_RHS_MATCH_FROM(0.00)[]
 RCVD_COUNT_ONE(0.00)[1]
 HAS_REPLYTO(0.00)[]
 RCPT_COUNT_ONE(0.00)[1]
 FROM_HAS_DN(0.00)[]
X-Rspamd-Server: 127.0.0.1
X-Rspamd-Scan-Time: 0.17
X-Rspamd-Queue-ID: 251171FE0E

so eicar is detected but the actions specified in /etc/rspamd/local.d/force_actions.conf

rules {
  VIRUS {
    action = "rewrite subject";
    expression = "CLAM_VIRUS | JUST_EICAR";
    subject = "*** VIRUS *** %s";
  }
}

are not executed, what's wrong?

Groups Discussion

Mar 17, 2017, 8:01:47 PM
to rspamd
Ok, I spoke too soon, here are some crashes with 1.5.3 and with the same config

#0  0x00007fde0aa43df8 in ?? ()
#1  0x00007fde10f5eba3 in g_hash_table_lookup () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00000000004a799b in lua_map_get_key (L=0x41bbe378) at /rspamd-1.5.3/src/lua/lua_map.c:608
#3  0x000000000097de87 in lj_BC_FUNCC ()
#4  0x000000000096cecd in lua_pcall ()
#5  0x00000000004df4bc in lua_redis_push_data.isra.4 (sp_ud=0x7fde0a835d10, r=0x7fde0aa9dd30)
    at /rspamd-1.5.3/src/lua/lua_redis.c:321
#6  lua_redis_callback (c=<optimized out>, r=0x7fde0aa9dd30, priv=0x7fde0a835d10)
    at /rspamd-1.5.3/src/lua/lua_redis.c:372
#7  0x0000000000489386 in __redisRunCallback () at /rspamd-1.5.3/contrib/hiredis/async.c:271
#8  redisProcessCallbacks (ac=0x7fde0a90d100) at /rspamd-1.5.3/contrib/hiredis/async.c:472
#9  0x00007fde10a7d4c9 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
#10 0x0000000000440708 in start_worker (worker=0x7fde0abd5d00) at /rspamd-1.5.3/src/worker.c:643
#11 0x000000000047f293 in rspamd_fork_worker (rspamd_main=0x7fde0a864080, cf=0x7fde0a843810, index=0, 
    ev_base=<optimized out>) at /rspamd-1.5.3/src/libserver/worker_util.c:607
#12 0x0000000000442dd6 in rspamd_fork_delayed_cb (signo=<optimized out>, what=<optimized out>, arg=0x7fde0a823290)
    at /rspamd-1.5.3/src/rspamd.c:323
#13 0x00007fde10a7d4c9 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
#14 0x000000000043e823 in main (argc=1, argv=0x7ffcc3618e28, env=<optimized out>) at /rspamd-1.5.3/src/rspamd.c:1388


#0  0x00007fde11481428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007fde1148302a in __GI_abort () at abort.c:89
#2  0x00007fde10f95d65 in g_assertion_message () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fde10f95dfa in g_assertion_message_expr () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fde10f5ecbe in g_hash_table_lookup () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00000000004a799b in lua_map_get_key (L=0x41bbe378) at /rspamd-1.5.3/src/lua/lua_map.c:608
#6  0x000000000097de87 in lj_BC_FUNCC ()
#7  0x000000000096cecd in lua_pcall ()
#8  0x00000000004df4bc in lua_redis_push_data.isra.4 (sp_ud=0x7fde00e22b70, r=0x7fde0ab62c70)
    at /rspamd-1.5.3/src/lua/lua_redis.c:321
#9  lua_redis_callback (c=<optimized out>, r=0x7fde0ab62c70, priv=0x7fde00e22b70)
    at /rspamd-1.5.3/src/lua/lua_redis.c:372
#10 0x0000000000489386 in __redisRunCallback () at /rspamd-1.5.3/contrib/hiredis/async.c:271
#11 redisProcessCallbacks (ac=0x7fde0a90cc80) at /rspamd-1.5.3/contrib/hiredis/async.c:472
#12 0x00007fde10a7d4c9 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
#13 0x0000000000440708 in start_worker (worker=0x7fde0abd5d00) at /rspamd-1.5.3/src/worker.c:643
#14 0x000000000047f293 in rspamd_fork_worker (rspamd_main=0x7fde0a864080, cf=0x7fde0a843810, index=0, 
    ev_base=<optimized out>) at /rspamd-1.5.3/src/libserver/worker_util.c:607
#15 0x0000000000442ea3 in spawn_worker_type (rspamd_main=0x7fde0a864080, ev_base=0x7fde0a8ae980, cf=0x7fde0a843810)
    at /rspamd-1.5.3/src/rspamd.c:521
#16 0x000000000044315a in spawn_workers (rspamd_main=rspamd_main@entry=0x7fde0a864080, 
    ev_base=ev_base@entry=0x7fde0a8ae980) at /rspamd-1.5.3/src/rspamd.c:605
#17 0x000000000043e794 in main (argc=1, argv=0x7ffcc3618e28, env=<optimized out>) at /rspamd-1.5.3/src/rspamd.c:1376

one time I was able to get the differentiated subject for virus email and this should confirm that the config is correct and this is a bug in rspamd,

please fix, thanks!

Andrew Lewis

Mar 18, 2017, 7:11:21 AM
to rsp...@googlegroups.com

Quoting Groups Discussion <drakk...@gmail.com>:

> Ok, I spoke too soon, here are some crashes with 1.5.3 and with the same
> config

What platform? That may be a glib issue.

Best,
-AL.
