]> source.dussan.org Git - rspamd.git/commitdiff
Add R_SUSPICIOUS_URL rule that detects obfusicated URL's
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 20 Nov 2015 13:52:20 +0000 (13:52 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 20 Nov 2015 13:52:20 +0000 (13:52 +0000)
rules/misc.lua

index cbcdff0fce590d2790e6fd0eed91831488399a58..f423d014e970ec91593d7077f3d0c003f6d72990 100644 (file)
@@ -90,3 +90,22 @@ rspamd_config.DATE_IN_PAST = function(task)
 
        return false
 end
+
+rspamd_config.R_SUSPICIOUS_URL = {
+  callback = function(task)
+    local urls = task:get_urls()
+
+    if urls then
+      for i,u in ipairs(urls) do
+        if u:is_obscured() then
+          return true
+        end
+      end
+    end
+    return false
+  end,
+  score = 6.0,
+  group = 'url',
+  one_shot = true,
+  description = 'Obfusicated or suspicious URL has been found in a message'
+}