[Enhancement] Catch "Mail message body" Content-Description

author twesterhever <40121680+twesterhever@users.noreply.github.com>

Sun, 28 Apr 2024 09:44:07 +0000 (09:44 +0000)

committer twesterhever <40121680+twesterhever@users.noreply.github.com>

Sun, 28 Apr 2024 09:44:07 +0000 (09:44 +0000)
author twesterhever <40121680+twesterhever@users.noreply.github.com>
Sun, 28 Apr 2024 09:44:07 +0000 (09:44 +0000)
committer twesterhever <40121680+twesterhever@users.noreply.github.com>
Sun, 28 Apr 2024 09:44:07 +0000 (09:44 +0000)
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua

index f7e23501c55c78a978d1bc55b478ccdb1a08427c..7397ed84bb7a06718fec257f4fcf98fe4c28b055 100644 (file)
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -910,6 +910,13 @@ reconf['HAS_CD_HEADER'] = {
    group = 'headers'
  }
  
+reconf['CD_MM_BODY'] = {
+  re = 'Content-Description=/Mail message body/Hi',
+  description = 'Content-Description header reads "Mail message body", commonly seen in spam',
+  score = 2.0,
+  group = 'headers'
+}
+
  reconf['X_PHPOS_FAKE'] = {
    re = 'X-PHP-Originating-Script=/^\\d{7}:/Hi',
    description = 'Fake X-PHP-Originating-Script header',
author	twesterhever <40121680+twesterhever@users.noreply.github.com>
	Sun, 28 Apr 2024 09:44:07 +0000 (09:44 +0000)
committer	twesterhever <40121680+twesterhever@users.noreply.github.com>
	Sun, 28 Apr 2024 09:44:07 +0000 (09:44 +0000)