]> source.dussan.org Git - rspamd.git/commitdiff
[Feature] Rule to detect some obvious X-PHP-Originating-Script forgeries 1114/head
authorAndrew Lewis <nerf@judo.za.org>
Wed, 9 Nov 2016 13:20:34 +0000 (15:20 +0200)
committerAndrew Lewis <nerf@judo.za.org>
Wed, 9 Nov 2016 13:29:04 +0000 (15:29 +0200)
rules/regexp/headers.lua

index 6b43c2f05903ce43cf148e30f36ff00017335346..56f71065003376312e26a3319683d7935b64b9e5 100644 (file)
@@ -790,6 +790,13 @@ reconf['X_PHP_EVAL'] = {
   group = 'header'
 }
 
+reconf['X_PHP_FORGED_0X'] = {
+  re = "X-PHP-Originating-Script=/^0\\d/X",
+  score = 4.0,
+  description = "X-PHP-Originating-Script header appears forged",
+  group = 'header'
+}
+
 reconf['GOOGLE_FORWARDING_MID_MISSING'] = {
   re = "Message-ID=/SMTPIN_ADDED_MISSING\\@mx\\.google\\.com>$/X",
   score = 2.5,