From: Alexander Moisseev Date: Thu, 17 May 2018 08:36:30 +0000 (+0300) Subject: [Minor] Check for archive cloaking X-Git-Tag: 1.7.5~11^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F2243%2Fhead;p=rspamd.git [Minor] Check for archive cloaking like .zip.gz --- diff --git a/src/plugins/lua/mime_types.lua b/src/plugins/lua/mime_types.lua index 1d6f0a3aa..43142132c 100644 --- a/src/plugins/lua/mime_types.lua +++ b/src/plugins/lua/mime_types.lua @@ -865,6 +865,13 @@ local function check_mime_type(task) if ext2 then check_extension(settings['bad_extensions'][ext], settings['bad_extensions'][ext2]) + -- Check for archive cloaking like .zip.gz + if settings['archive_extensions'][ext2] + -- Exclude multipart archive extensions, e.g. .zip.001 + and not string.match(ext, '^%d+$') + then + task:insert_result(settings['symbol_archive_in_archive'], 1.0, string.format(".%s.%s", ext2, ext)) + end else check_extension(settings['bad_extensions'][ext], nil) end diff --git a/test/functional/cases/105_mimetypes.robot b/test/functional/cases/105_mimetypes.robot index 77afbadac..895255194 100644 --- a/test/functional/cases/105_mimetypes.robot +++ b/test/functional/cases/105_mimetypes.robot @@ -37,6 +37,14 @@ Rar4 ${result} = Scan Message With Rspamc ${TESTDIR}/messages/rar4.eml Check Rspamc ${result} MIME_BAD_EXTENSION \\(\\d+\\.\\d+\\)\\[exe\\]\\n re=1 +Cloaked Archive Extension + ${result} = Scan Message With Rspamc ${TESTDIR}/messages/f.zip.gz.eml + Check Rspamc ${result} MIME_ARCHIVE_IN_ARCHIVE \\(\\d+\\.\\d+\\)\\[\\.zip\\.gz\\]\\n re=1 + +Multipart Archive Extension + ${result} = Scan Message With Rspamc ${TESTDIR}/messages/f.zip.001.eml + Should Not Contain ${result.stdout} MIME_ARCHIVE_IN_ARCHIVE + *** Keywords *** MIMETypes Setup ${PLUGIN_CONFIG} = Get File ${TESTDIR}/configs/mime_types.conf diff --git a/test/functional/messages/f.zip.001.eml b/test/functional/messages/f.zip.001.eml new file mode 100644 index 000000000..f5d5cebec --- /dev/null 
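Review bot: The new condition in check_mime_type tests only `ext2` against `settings['archive_extensions']`, so any outer extension that is not all digits inserts the symbol, not just compression suffixes like `.gz`; a name such as `report.zip.txt` would be reported as archive-in-archive. If that breadth is intended, the comment should say so, e.g. `-- Any non-numeric extension after an archive extension is treated as cloaking`; if it is not, the branch needs an explicit set of outer extensions to match. The lookup is also case-sensitive, and whether `ext` and `ext2` are lowercased is decided outside this hunk, so it is worth confirming that `.ZIP.gz` is normalised before it gets here. The `archive_extensions` table is defined outside the hunk too; if it lists `tar`, ordinary `.tar.gz` attachments would match.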
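Review bot: The two added cases pin only the lowercase `.zip.gz` hit and the numeric `.zip.001` exclusion, so nothing records what should happen for a benign double extension whose inner part is an archive extension, which is where a false positive from the new Lua branch would appear. A third case with a fixture of that shape and an explicit expectation would document the intended scope. `Should Not Contain ${result.stdout} MIME_ARCHIVE_IN_ARCHIVE` also passes when the scan produces no symbols at all; unless `Scan Message With Rspamc` (defined outside this hunk) already checks for a successful scan, the negative case should assert that first.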
+++ b/test/functional/messages/f.zip.001.eml
@@ -0,0 +1,11 @@
+Content-Type: multipart/mixed; boundary="------------CB783608BCB68F7F91E9F2A1"
+
+--------------CB783608BCB68F7F91E9F2A1
+Content-Type: application/octet-stream; name="f.zip.001"
+Content-Disposition: attachment; filename="f.zip.001"
+Content-Transfer-Encoding: base64
+
+UEsDBAoAAAAAAGVXsUwAAAAAAAAAAAAAAAAFAAAAZi50eHRQSwECPwAKAAAAAABlV7FMAAAA
+AAAAAAAAAAAABQAkAAAAAAAAACAgAAAAAAAAZi50eHQKACAAAAAAAAEAGAC4V3vvtO3TAbhX
+e++07dMBuFd777Tt0wFQSwUGAAAAAAEAAQBXAAAAIwAAAAAA
+--------------CB783608BCB68F7F91E9F2A1--
diff --git a/test/functional/messages/f.zip.gz.eml b/test/functional/messages/f.zip.gz.eml
new file mode 100644
index 000000000..afb144480
--- /dev/null
+++ b/test/functional/messages/f.zip.gz.eml
@@ -0,0 +1,11 @@
+Content-Type: multipart/mixed; boundary="------------283A5F1FAE533F3FB6BF6ED3"
+
+--------------283A5F1FAE533F3FB6BF6ED3
+Content-Type: application/octet-stream; name="f.zip.gz"
+Content-Disposition: attachment; filename="f.zip.gz"
+Content-Transfer-Encoding: base64
+
+H4sICPY5/VoEAGYuemlwAHVLuQmAQBCcU8/gKjA80NgWLGANNtsKtIILBKsSDOzDOsQWXE8F
+EZxl54EZpjRzONHJ1OIFq9/XYQhMJmnwV6pu573SM3G4kkGBRcZ93lbzVSabx46eqJZxcQAU
+cyqqkAAAAA==
+--------------283A5F1FAE533F3FB6BF6ED3--