From 3712e42ce6d2f46d36f729b5684e7ac67afac76e Mon Sep 17 00:00:00 2001 From: Andrew Lewis Date: Mon, 4 Dec 2017 16:39:59 +0200 Subject: [PATCH] [Feature] Hash whitelist for fuzzy_check --- src/plugins/fuzzy_check.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/plugins/fuzzy_check.c b/src/plugins/fuzzy_check.c index 0a3d3803a..c078940a8 100644 --- a/src/plugins/fuzzy_check.c +++ b/src/plugins/fuzzy_check.c @@ -88,6 +88,7 @@ struct fuzzy_rule { gboolean fuzzy_images; gboolean short_text_direct_hash; gint learn_condition_cb; + struct rspamd_map *skip_map; }; struct fuzzy_ctx { @@ -414,6 +415,15 @@ fuzzy_parse_rule (struct rspamd_config *cfg, const ucl_object_t *obj, rule->learn_condition_cb = -1; rule->alg = RSPAMD_SHINGLES_OLD; + if ((value = ucl_object_lookup (obj, "skip_hashes")) != NULL) { + rspamd_map_add_from_ucl (cfg, value, + "Fuzzy hashes whitelist", rspamd_kv_list_read, rspamd_kv_list_fin, + (void **)&rule->skip_map); + } + else { + rule->skip_map = NULL; + } + if ((value = ucl_object_lookup (obj, "mime_types")) != NULL) { it = NULL; while ((cur = ucl_object_iterate (value, &it, value->type == UCL_ARRAY)) @@ -800,6 +810,15 @@ fuzzy_check_module_init (struct rspamd_config *cfg, struct module_ctx **ctx) 0, NULL, 0); + rspamd_rcl_add_doc_by_path (cfg, + "fuzzy_check.rule", + "Whitelisted hashes map", + "skip_hashes", + UCL_STRING, + NULL, + 0, + NULL, + 0); rspamd_rcl_add_doc_by_path (cfg, "fuzzy_check.rule", "Set of mime types (in form type/subtype, or type/*, or *) to check with fuzzy", @@ -1805,6 +1824,7 @@ fuzzy_insert_result (struct fuzzy_client_session *session, const gchar *type = "bin"; struct fuzzy_client_result *res; gboolean is_fuzzy = FALSE; + gchar hexbuf[rspamd_cryptobox_HASHBYTES * 2 + 1]; /* Get mapping by flag */ if ((map = @@ -1881,6 +1901,14 @@ fuzzy_insert_result (struct fuzzy_client_session *session, } if (map != NULL || !session->rule->skip_unknown) { + if (session->rule->skip_map) { + rspamd_encode_hex_buf (cmd->digest, sizeof (cmd->digest), + hexbuf, sizeof (hexbuf) - 1); + hexbuf[sizeof (hexbuf) - 1] = '\0'; + if (g_hash_table_lookup (session->rule->skip_map, hexbuf)) { + return; + } + } rspamd_snprintf (buf, sizeof (buf), "%d:%*xs:%.2f:%s", -- 2.39.5