From 68d9f76dc1c898ea3434a69d4bba2c9681ba7ec7 Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Fri, 26 May 2023 11:57:19 +0000 Subject: [PATCH] [Minor] Improve various rule descriptions --- conf/scores.d/rbl_group.conf | 2 +- rules/headers_checks.lua | 4 +- rules/html.lua | 12 ++--- rules/misc.lua | 29 ++++++----- rules/regexp/headers.lua | 97 +++++++++++++++++------------------- rules/subject_checks.lua | 4 +- 6 files changed, 72 insertions(+), 76 deletions(-) diff --git a/conf/scores.d/rbl_group.conf b/conf/scores.d/rbl_group.conf index e24d7d14c..ef29ed2fa 100644 --- a/conf/scores.d/rbl_group.conf +++ b/conf/scores.d/rbl_group.conf @@ -135,7 +135,7 @@ symbols = { } "RECEIVED_SPAMHAUS_XBL" { weight = 1.0; - description = "Received address is listed in ZEN XBL"; + description = "Received address is listed in Spamhaus XBL"; groups = ["spamhaus"]; one_shot = true; } diff --git a/rules/headers_checks.lua b/rules/headers_checks.lua index 7a02bc2eb..f3d93efe7 100644 --- a/rules/headers_checks.lua +++ b/rules/headers_checks.lua @@ -570,7 +570,7 @@ rspamd_config.MISSING_FROM = { end, score = 2.0, group = 'headers', - description = 'Missing From: header' + description = 'Missing From header' } rspamd_config.MULTIPLE_FROM = { @@ -583,7 +583,7 @@ rspamd_config.MULTIPLE_FROM = { end, score = 8.0, group = 'headers', - description = 'Multiple addresses in From' + description = 'Multiple addresses in From header' } rspamd_config.MV_CASE = { diff --git a/rules/html.lua b/rules/html.lua index e2345e45d..78eb77fea 100644 --- a/rules/html.lua +++ b/rules/html.lua @@ -21,7 +21,7 @@ local rspamd_regexp = require "rspamd_regexp" reconf['MIME_HTML_ONLY'] = { re = 'has_only_html_part()', score = 0.2, - description = 'Messages that have only HTML part', + description = 'Messages has only an HTML part', group = 'headers' } 
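Review bot: The new description on `reconf['MIME_HTML_ONLY']` in rules/html.lua has a subject-verb mismatch: 'Messages has only an HTML part'. The symbol is evaluated per message, so the singular form fits, and the string will presumably be shown as-is wherever symbol descriptions are printed for operators. Suggested line: `description = 'Message has only an HTML part',`.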
@@ -74,7 +74,7 @@ rspamd_config.HTML_SHORT_LINK_IMG_1 = { end, score = 2.0, group = 'html', - description = 'Short html part (0..1K) with a link to an image' + description = 'Short HTML part (0..1K) with a link to an image' } rspamd_config.HTML_SHORT_LINK_IMG_2 = { @@ -83,7 +83,7 @@ rspamd_config.HTML_SHORT_LINK_IMG_2 = { end, score = 1.0, group = 'html', - description = 'Short html part (1K..1.5K) with a link to an image' + description = 'Short HTML part (1K..1.5K) with a link to an image' } rspamd_config.HTML_SHORT_LINK_IMG_3 = { @@ -92,7 +92,7 @@ rspamd_config.HTML_SHORT_LINK_IMG_3 = { end, score = 0.5, group = 'html', - description = 'Short html part (1.5K..2K) with a link to an image' + description = 'Short HTML part (1.5K..2K) with a link to an image' } rspamd_config.R_EMPTY_IMAGE = { @@ -395,7 +395,7 @@ rspamd_config.HTTP_TO_HTTPS = { end return false end, - description = 'Anchor text contains different scheme to target URL', + description = 'HTML anchor text contains different scheme to target URL', score = 0.5, group = 'html' } @@ -425,7 +425,7 @@ rspamd_config.HTTP_TO_IP = { end end end, - description = 'Anchor points to an IP address', + description = 'HTML anchor points to an IP address', score = 1.0, group = 'html' } diff --git a/rules/misc.lua b/rules/misc.lua index eff49864f..c8a83a6f9 100644 --- a/rules/misc.lua +++ b/rules/misc.lua @@ -91,7 +91,7 @@ local date_id = rspamd_config:register_symbol({ rspamd_config:register_symbol({ name = 'MISSING_DATE', score = 1.0, - description = 'Message date is missing', + description = 'Date header is missing', group = 'headers', type = 'virtual', parent = date_id, @@ -100,7 +100,7 @@ rspamd_config:register_symbol({ rspamd_config:register_symbol({ name = 'INVALID_DATE', score = 1.5, - description = 'Malformed date header', + description = 'Malformed Date header', group = 'headers', type = 'virtual', parent = date_id, 
@@ -109,7 +109,7 @@ rspamd_config:register_symbol({ rspamd_config:register_symbol({ name = 'DATE_IN_FUTURE', score = 4.0, - description = 'Message date is in future', + description = 'Message date is in the future', group = 'headers', type = 'virtual', parent = date_id, @@ -118,7 +118,7 @@ rspamd_config:register_symbol({ rspamd_config:register_symbol({ name = 'DATE_IN_PAST', score = 1.0, - description = 'Message date is in past', + description = 'Message date is in the past', group = 'headers', type = 'virtual', parent = date_id, @@ -148,7 +148,7 @@ local obscured_id = rspamd_config:register_symbol{ name = 'R_SUSPICIOUS_URL', score = 5.0, one_shot = true, - description = 'Obfuscated or suspicious URL has been found in a message', + description = 'Has obfuscated or suspicious URL', group = 'url' } @@ -157,7 +157,7 @@ rspamd_config:register_symbol{ name = 'ZERO_WIDTH_SPACE_URL', score = 7.0, one_shot = true, - description = 'Zero width space in url', + description = 'Zero width space in URL', group = 'url', parent = obscured_id, } @@ -382,7 +382,7 @@ end rspamd_config:register_symbol({ name = 'FREEMAIL_REPLYTO_NEQ_FROM_DOM', callback = freemail_reply_neq_from, - description = 'Freemail From and Reply-To, but to different Freemail services', + description = 'Freemail addresses in From and Reply-To headers, but to different freemail services', score = 3.0, group = 'headers', }) @@ -440,7 +440,7 @@ rspamd_config.OMOGRAPH_URL = { end, score = 5.0, group = 'url', - description = 'Url contains both latin and non-latin characters' + description = 'URL contains both latin and non-latin characters' } rspamd_config.URL_IN_SUBJECT = { @@ -471,8 +471,7 @@ rspamd_config.URL_IN_SUBJECT = { score = 4.0, group = 'subject', type = 'mime', - description = 'URL found in Subject' - + description = 'Subject contains URL' } local aliases_id = rspamd_config:register_symbol{ 
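Review bot: In the `FREEMAIL_REPLYTO_NEQ_FROM_DOM` hunk the rewritten description keeps 'but to different freemail services', and the preposition 'to' reads as if mail were being sent to those services. Judging by the symbol name, the condition is that the From and Reply-To addresses are hosted on different freemail providers. This is inferred, because the `freemail_reply_neq_from` callback lies outside the hunk. Stating that directly would help whoever triages the hit, for example `description = 'From and Reply-To addresses are on different freemail services',`.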
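Review bot: The `OMOGRAPH_URL` description now capitalises 'URL' but leaves 'latin' and 'non-latin' in lower case, while the rest of this commit capitalises proper names such as Outlook, Yahoo, PGP and S/MIME. For consistency the line could read `description = 'URL contains both Latin and non-Latin characters'`. The callback body starts above the hunk, so the exact check is not visible here. If it is a mixed-script (homograph) test, naming that term in the description would make the symbol easier to find when investigating lookalike-domain reports.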
@@ -697,7 +696,7 @@ rspamd_config.R_BAD_CTE_7BIT = { return false end, score = 3.5, - description = 'Detects bad content-transfer-encoding for text parts', + description = 'Detects bad Content-Transfer-Encoding for text parts', group = 'headers', type = 'mime', } @@ -776,7 +775,7 @@ rspamd_config:register_symbol{ type = 'virtual', parent = check_encrypted_name, name = 'ENCRYPTED_PGP', - description = 'Message is encrypted with pgp', + description = 'Message is encrypted with PGP', group = 'mime_types', score = -0.5, one_shot = true @@ -786,7 +785,7 @@ rspamd_config:register_symbol{ type = 'virtual', parent = check_encrypted_name, name = 'ENCRYPTED_SMIME', - description = 'Message is encrypted with smime', + description = 'Message is encrypted with S/MIME', group = 'mime_types', score = -0.5, one_shot = true @@ -796,7 +795,7 @@ rspamd_config:register_symbol{ type = 'virtual', parent = check_encrypted_name, name = 'SIGNED_PGP', - description = 'Message is signed with pgp', + description = 'Message is signed with PGP', group = 'mime_types', score = -2.0, one_shot = true @@ -806,7 +805,7 @@ rspamd_config:register_symbol{ type = 'virtual', parent = check_encrypted_name, name = 'SIGNED_SMIME', - description = 'Message is signed with smime', + description = 'Message is signed with S/MIME', group = 'mime_types', score = -2.0, one_shot = true diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua index 6be69f6a8..9d112c3be 100644 --- a/rules/regexp/headers.lua +++ b/rules/regexp/headers.lua @@ -61,7 +61,7 @@ reconf['R_NO_SPACE_IN_FROM'] = { re = 'From=/\\S<[-\\w\\.]+\\@[-\\w\\.]+>/X', score = 1.0, mime_only = true, - description = 'No space in from header', + description = 'No space in From header', group = 'headers' } 
@@ -124,12 +124,12 @@ reconf['R_UNDISC_RCPT'] = { mime_only = true, } --- Detects missing Message-Id +-- Detects missing Message-ID local has_mid = 'header_exists(Message-Id)' reconf['MISSING_MID'] = { re = '!header_exists(Message-Id)', score = 2.5, - description = 'Message id is missing', + description = 'Message-ID header is missing', group = 'headers', mime_only = true, } @@ -149,7 +149,7 @@ reconf['R_MISSING_CHARSET'] = { re = string.format('!is_empty_body() & content_type_is_type(text) & content_type_is_subtype(plain) & !content_type_has_param(charset) & !%s', 'compare_transfer_encoding(7bit)'), score = 0.5, - description = 'Charset is missing in a message', + description = 'Charset header is missing', group = 'headers', mime_only = true, } @@ -163,7 +163,7 @@ local any_outlook_mua = 'X-Mailer=/^Microsoft Outlook\\b/H' reconf['FORGED_OUTLOOK_HTML'] = { re = string.format('!%s & %s & %s', yahoo_bulk, outlook_mua, 'has_only_html_part()'), score = 5.0, - description = 'Forged outlook HTML signature', + description = 'Forged Outlook HTML signature', group = 'headers', mime_only = true, } @@ -201,7 +201,7 @@ local from_needs_mime = 'From=/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f-\\xff]/Hr' reconf['FROM_EXCESS_BASE64'] = { re = string.format('%s & !%s', from_encoded_b64, from_needs_mime), score = 1.5, - description = 'From that contains encoded characters while base 64 is not needed as all symbols are 7bit', + description = 'From header is unnecessarily encoded in base64', group = 'excessb64', mime_only = true, } @@ -210,7 +210,7 @@ reconf['FROM_EXCESS_BASE64'] = { reconf['FROM_EXCESS_QP'] = { re = string.format('%s & !%s', from_encoded_qp, from_needs_mime), score = 1.2, - description = 'From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit', + description = 'From header is unnecessarily encoded in quoted-printable', group = 'excessqp' } 
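Review bot: The new text on `reconf['R_MISSING_CHARSET']`, 'Charset header is missing', names a header that does not exist. The rule expression visible in this hunk tests `!content_type_has_param(charset)`, that is, the `charset` parameter of Content-Type, on a non-empty text/plain message that is not 7bit. An operator reading the symbol would go looking for the wrong field in the message. Suggested line: `description = 'Charset parameter is missing in Content-Type header',`.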
@@ -220,7 +220,7 @@ local to_needs_mime = 'To=/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f-\\xff]/Hr' reconf['TO_EXCESS_BASE64'] = { re = string.format('%s & !%s', to_encoded_b64, to_needs_mime), score = 1.5, - description = 'To that contains encoded characters while base 64 is not needed as all symbols are 7bit', + description = 'To header is unnecessarily encoded in base64', group = 'excessb64' } @@ -229,7 +229,7 @@ reconf['TO_EXCESS_BASE64'] = { reconf['TO_EXCESS_QP'] = { re = string.format('%s & !%s', to_encoded_qp, to_needs_mime), score = 1.2, - description = 'To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit', + description = 'To header is unnecessarily encoded in quoted-printable', group = 'excessqp' } @@ -242,7 +242,7 @@ local replyto_needs_mime = 'Reply-To=/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f-\\x reconf['REPLYTO_EXCESS_BASE64'] = { re = string.format('%s & !%s', replyto_encoded_b64, replyto_needs_mime), score = 1.5, - description = 'Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit', + description = 'Reply-To header is unnecessarily encoded in base64', group = 'excessb64' } @@ -253,7 +253,7 @@ local replyto_encoded_qp = 'Reply-To=/\\=\\?\\S+\\?Q\\?/iX' reconf['REPLYTO_EXCESS_QP'] = { re = string.format('%s & !%s', replyto_encoded_qp, replyto_needs_mime), score = 1.2, - description = 'Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit', + description = 'Reply-To header is unnecessarily encoded in quoted-printable', group = 'excessqp' } 
@@ -266,7 +266,7 @@ local cc_needs_mime = 'Cc=/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f-\\xff]/Hr' reconf['CC_EXCESS_BASE64'] = { re = string.format('%s & !%s', cc_encoded_b64, cc_needs_mime), score = 1.5, - description = 'Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit', + description = 'Cc header is unnecessarily encoded in base64', group = 'excessb64' } @@ -277,7 +277,7 @@ local cc_encoded_qp = 'Cc=/\\=\\?\\S+\\?Q\\?/iX' reconf['CC_EXCESS_QP'] = { re = string.format('%s & !%s', cc_encoded_qp, cc_needs_mime), score = 1.2, - description = 'Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit', + description = 'Cc header is unnecessarily encoded in quoted-printable', group = 'excessqp' } @@ -286,7 +286,7 @@ local subj_needs_mime = 'Subject=/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f-\\xff]/ reconf['SUBJ_EXCESS_BASE64'] = { re = string.format('%s & !%s', subj_encoded_b64, subj_needs_mime), score = 1.5, - description = 'Subject is unnecessarily encoded in base64', + description = 'Subject header is unnecessarily encoded in base64', group = 'excessb64' } @@ -294,7 +294,7 @@ local subj_encoded_qp = 'Subject=/\\=\\?\\S+\\?Q\\?/iX' reconf['SUBJ_EXCESS_QP'] = { re = string.format('%s & !%s', subj_encoded_qp, subj_needs_mime), score = 1.2, - description = 'Subject is unnecessarily encoded in quoted-printable', + description = 'Subject header is unnecessarily encoded in quoted-printable', group = 'excessqp' } @@ -339,7 +339,7 @@ reconf['FORGED_MUA_OUTLOOK'] = { re = string.format('(%s | %s) & !%s & !%s & !%s', forged_oe, forged_outlook_dollars, fmo_excl_o3416, fmo_excl_oe3790, vista_msgid), score = 3.0, - description = 'Forged outlook MUA', + description = 'Forged Outlook MUA', group = 'mua' } 
@@ -362,21 +362,21 @@ reconf['FORGED_OUTLOOK_TAGS'] = { reconf['SUSPICIOUS_BOUNDARY'] = { re = 'Content-Type=/^\\s*multipart.+boundary="----=_NextPart_000_[A-Z\\d]{4}_(00EBFFA4|0102FFA4|32C6FFA4|3302FFA4)\\.[A-Z\\d]{8}"[\\r\\n]*$/siX', score = 5.0, - description = 'Suspicious boundary in header Content-Type', + description = 'Suspicious boundary in Content-Type header', group = 'mua' } -- Forged OE/MSO boundary reconf['SUSPICIOUS_BOUNDARY2'] = { re = 'Content-Type=/^\\s*multipart.+boundary="----=_NextPart_000_[A-Z\\d]{4}_(01C6527E)\\.[A-Z\\d]{8}"[\\r\\n]*$/siX', score = 4.0, - description = 'Suspicious boundary in header Content-Type', + description = 'Suspicious boundary in Content-Type header', group = 'mua' } -- Forged OE/MSO boundary reconf['SUSPICIOUS_BOUNDARY3'] = { re = 'Content-Type=/^\\s*multipart.+boundary="-----000-00\\d\\d-01C[\\dA-F]{5}-[\\dA-F]{8}"[\\r\\n]*$/siX', score = 3.0, - description = 'Suspicious boundary in header Content-Type', + description = 'Suspicious boundary in Content-Type header', group = 'mua' } -- Forged OE/MSO boundary @@ -385,7 +385,7 @@ local suspicious_boundary_01C4_date = 'Date=/^\\s*\\w\\w\\w,\\s+\\d+\\s+\\w\\w\\ reconf['SUSPICIOUS_BOUNDARY4'] = { re = string.format('(%s) & (%s)', suspicious_boundary_01C4, suspicious_boundary_01C4_date), score = 4.0, - description = 'Suspicious boundary in header Content-Type', + description = 'Suspicious boundary in Content-Type header', group = 'mua' } 
@@ -502,18 +502,16 @@ reconf['FORGED_MUA_POSTBOX_MSGID_UNKNOWN'] = { group = 'mua' } - -- Message id validity local sane_msgid = 'Message-Id=/^\\\\ \\t\\n\\r\\x0b\\x80-\\xff]+\\@[^<>\\\\ \\t\\n\\r\\x0b\\x80-\\xff]+>?\\s*$/H' local msgid_comment = 'Message-Id=/\\(.*\\)/H' reconf['INVALID_MSGID'] = { re = string.format('(%s) & !((%s) | (%s))', has_mid, sane_msgid, msgid_comment), score = 1.7, - description = 'Message id is incorrect', + description = 'Message-ID header is incorrect', group = 'headers' } - -- Only Content-Type header without other MIME headers local cd = 'header_exists(Content-Disposition)' local cte = 'header_exists(Content-Transfer-Encoding)' @@ -527,7 +525,6 @@ reconf['MIME_HEADER_CTYPE_ONLY'] = { group = 'headers' } - -- Forged Exchange messages local msgid_dollars_ok = 'Message-Id=/[0-9a-f]{4,}\\$[0-9a-f]{4,}\\$[0-9a-f]{4,}\\@\\S+/H' local mimeole_ms = 'X-MimeOLE=/^Produced By Microsoft MimeOLE/H' @@ -543,7 +540,7 @@ reconf['RATWARE_MS_HASH'] = { reconf['STOX_REPLY_TYPE'] = { re = 'Content-Type=/text\\/plain; .* reply-type=original/H', score = 1.0, - description = 'Reply-type in content-type', + description = 'Reply-type in Content-Type header', group = 'headers' } @@ -553,7 +550,7 @@ local from_yahoo_com = 'From=/\\@yahoo\\.com\\b/iH' reconf['FORGED_MSGID_YAHOO'] = { re = string.format('(%s) & !(%s)', at_yahoo_msgid, from_yahoo_com), score = 2.0, - description = 'Forged yahoo msgid', + description = 'Forged Yahoo Message-ID header', group = 'headers' } @@ -575,7 +572,7 @@ local rcvd_e_mail_ru = 'Received=/^(?:from \\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\ reconf['MAIL_RU_MAILER'] = { re = string.format('(%s) & (%s)', xm_mail_ru_mailer_1_0, rcvd_e_mail_ru), score = 0.0, - description = 'Sent with Mail.Ru web-mail', + description = 'Sent with Mail.Ru webmail', group = 'headers' } 
@@ -585,7 +582,7 @@ local rcvd_web_yandex_ru = 'Received=/^by web\\d{1,2}[a-z]\\.yandex\\.ru with HT reconf['YANDEX_RU_MAILER'] = { re = string.format('(%s) & (%s)', xm_yandex_ru_mailer_5_0, rcvd_web_yandex_ru), score = 0.0, - description = 'Sent with yandex.ru web-mail', + description = 'Sent with Yandex webmail', group = 'headers' } @@ -611,7 +608,7 @@ local double_ip_spam_2 = 'Received=/from\\s+\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d reconf['RCVD_DOUBLE_IP_SPAM'] = { re = string.format('(%s) | (%s)', double_ip_spam_1, double_ip_spam_2), score = 2.0, - description = 'Two received headers with ip addresses', + description = 'Has two Received headers containing bare IP addresses', group = 'headers' } @@ -620,7 +617,7 @@ local repto_quote = 'Reply-To=/\\".*\\"\\s*\\