[Minor] Check for archive cloaking 2243/head
authorAlexander Moisseev <moiseev@mezonplus.ru>
Thu, 17 May 2018 08:36:30 +0000 (11:36 +0300)
committerAlexander Moisseev <moiseev@mezonplus.ru>
Thu, 17 May 2018 08:36:30 +0000 (11:36 +0300)
like .zip.gz

src/plugins/lua/mime_types.lua
test/functional/cases/105_mimetypes.robot
test/functional/messages/f.zip.001.eml [new file with mode: 0644]
test/functional/messages/f.zip.gz.eml [new file with mode: 0644]

index 1d6f0a3aa5ff8dfa0c248918f80e6ff4c445aa96..43142132cb730cc69e48f92873900c4073a4d3c5 100644 (file)
@@ -865,6 +865,13 @@ local function check_mime_type(task)
         if ext2 then
           check_extension(settings['bad_extensions'][ext],
             settings['bad_extensions'][ext2])
+          -- Check for archive cloaking like .zip.gz
+          if settings['archive_extensions'][ext2]
+            -- Exclude multipart archive extensions, e.g. .zip.001
+            and not string.match(ext, '^%d+$')
+          then
+            task:insert_result(settings['symbol_archive_in_archive'], 1.0, string.format(".%s.%s", ext2, ext))
+          end
         else
           check_extension(settings['bad_extensions'][ext], nil)
         end
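Review bot: The new condition tests only `ext2` against `settings['archive_extensions']`, so any non-numeric final extension qualifies: a name ending in `.zip.pdf` or `.rar.txt` gets `symbol_archive_in_archive` too, not only `.zip.gz`. If that breadth is intended, the comment should say so, e.g. `-- Archive extension hidden behind any other extension, e.g. .zip.gz or .zip.pdf`. If only compressed wrappers are meant, `ext` needs its own allow-list check. The `'^%d+$'` exclusion also accepts any all-digit extension rather than only multipart numbering such as `.001`, which may be wider than the comment implies. `check_mime_type` starts and ends outside this hunk, so how `ext` and `ext2` are extracted and case-normalised cannot be confirmed from here.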
index 77afbadac0d31a02724b35569cf08db4891c9a1a..895255194787c566d23b41a4be2f9f23bec36f00 100644 (file)
@@ -37,6 +37,14 @@ Rar4
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/rar4.eml
   Check Rspamc  ${result}  MIME_BAD_EXTENSION \\(\\d+\\.\\d+\\)\\[exe\\]\\n  re=1
 
+Cloaked Archive Extension
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/f.zip.gz.eml
+  Check Rspamc  ${result}  MIME_ARCHIVE_IN_ARCHIVE \\(\\d+\\.\\d+\\)\\[\\.zip\\.gz\\]\\n  re=1
+
+Multipart Archive Extension
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/f.zip.001.eml
+  Should Not Contain  ${result.stdout}  MIME_ARCHIVE_IN_ARCHIVE
+
 *** Keywords ***
 MIMETypes Setup
   ${PLUGIN_CONFIG} =  Get File  ${TESTDIR}/configs/mime_types.conf
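Review bot: The two added cases pin only `.zip.gz` (symbol present) and `.zip.001` (symbol absent). Nothing fixes the behaviour for an archive extension followed by a non-archive, non-numeric one, which the Lua condition also matches. A third case would make that outcome an explicit decision. It could scan a fixture with a constructed name such as `f.zip.txt.eml` and assert either `Check Rspamc  ${result}  MIME_ARCHIVE_IN_ARCHIVE` or `Should Not Contain  ${result.stdout}  MIME_ARCHIVE_IN_ARCHIVE`. A mixed-case filename such as `F.ZIP.GZ` would likewise document whether matching is case-insensitive.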
diff --git a/test/functional/messages/f.zip.001.eml b/test/functional/messages/f.zip.001.eml
new file mode 100644 (file)
index 0000000..f5d5ceb
--- /dev/null
@@ -0,0 +1,11 @@
+Content-Type: multipart/mixed; boundary="------------CB783608BCB68F7F91E9F2A1"
+
+--------------CB783608BCB68F7F91E9F2A1
+Content-Type: application/octet-stream; name="f.zip.001"
+Content-Disposition: attachment; filename="f.zip.001"
+Content-Transfer-Encoding: base64
+
+UEsDBAoAAAAAAGVXsUwAAAAAAAAAAAAAAAAFAAAAZi50eHRQSwECPwAKAAAAAABlV7FMAAAA
+AAAAAAAAAAAABQAkAAAAAAAAACAgAAAAAAAAZi50eHQKACAAAAAAAAEAGAC4V3vvtO3TAbhX
+e++07dMBuFd777Tt0wFQSwUGAAAAAAEAAQBXAAAAIwAAAAAA
+--------------CB783608BCB68F7F91E9F2A1--
diff --git a/test/functional/messages/f.zip.gz.eml b/test/functional/messages/f.zip.gz.eml
new file mode 100644 (file)
index 0000000..afb1444
--- /dev/null
@@ -0,0 +1,11 @@
+Content-Type: multipart/mixed; boundary="------------283A5F1FAE533F3FB6BF6ED3"
+
+--------------283A5F1FAE533F3FB6BF6ED3
+Content-Type: application/octet-stream; name="f.zip.gz"
+Content-Disposition: attachment; filename="f.zip.gz"
+Content-Transfer-Encoding: base64
+
+H4sICPY5/VoEAGYuemlwAHVLuQmAQBCcU8/gKjA80NgWLGANNtsKtIILBKsSDOzDOsQWXE8F
+EZxl54EZpjRzONHJ1OIFq9/XYQhMJmnwV6pu573SM3G4kkGBRcZ93lbzVSabx46eqJZxcQAU
+cyqqkAAAAA==
+--------------283A5F1FAE533F3FB6BF6ED3--