|
|
|
|
|
|
|
|
symbol_good = 'MIME_GOOD', |
|
|
symbol_good = 'MIME_GOOD', |
|
|
symbol_attachment = 'MIME_BAD_ATTACHMENT', |
|
|
symbol_attachment = 'MIME_BAD_ATTACHMENT', |
|
|
symbol_encrypted_archive = 'MIME_ENCRYPTED_ARCHIVE', |
|
|
symbol_encrypted_archive = 'MIME_ENCRYPTED_ARCHIVE', |
|
|
|
|
|
symbol_obfuscated_archive = 'MIME_OBFUSCATED_ARCHIVE', |
|
|
symbol_exe_in_gen_split_rar = 'MIME_EXE_IN_GEN_SPLIT_RAR', |
|
|
symbol_exe_in_gen_split_rar = 'MIME_EXE_IN_GEN_SPLIT_RAR', |
|
|
symbol_archive_in_archive = 'MIME_ARCHIVE_IN_ARCHIVE', |
|
|
symbol_archive_in_archive = 'MIME_ARCHIVE_IN_ARCHIVE', |
|
|
symbol_double_extension = 'MIME_DOUBLE_BAD_EXTENSION', |
|
|
symbol_double_extension = 'MIME_DOUBLE_BAD_EXTENSION', |
|
|
|
|
|
|
|
|
end |
|
|
end |
|
|
local arch = p:get_archive() |
|
|
local arch = p:get_archive() |
|
|
|
|
|
|
|
|
|
|
|
-- TODO: migrate to flags once C part is ready |
|
|
if arch:is_encrypted() then |
|
|
if arch:is_encrypted() then |
|
|
task:insert_result(settings.symbol_encrypted_archive, 1.0, filename) |
|
|
task:insert_result(settings.symbol_encrypted_archive, 1.0, filename) |
|
|
task:insert_result('MIME_TRACE', 0.0, |
|
|
task:insert_result('MIME_TRACE', 0.0, |
|
|
|
|
|
|
|
|
}) |
|
|
}) |
|
|
task:insert_result('MIME_TRACE', 0.0, |
|
|
task:insert_result('MIME_TRACE', 0.0, |
|
|
string.format("%s:%s", p:get_id(), '-')) |
|
|
string.format("%s:%s", p:get_id(), '-')) |
|
|
|
|
|
elseif arch:is_obfuscated() then |
|
|
|
|
|
task:insert_result(settings.symbol_obfuscated_archive, 1.0, { |
|
|
|
|
|
'obfuscated archive', |
|
|
|
|
|
filename, |
|
|
|
|
|
}) |
|
|
|
|
|
task:insert_result('MIME_TRACE', 0.0, |
|
|
|
|
|
string.format("%s:%s", p:get_id(), '-')) |
|
|
end |
|
|
end |
|
|
|
|
|
|
|
|
if check then |
|
|
if check then |
|
|
|
|
|
|
|
|
parent = id, |
|
|
parent = id, |
|
|
group = 'mime_types', |
|
|
group = 'mime_types', |
|
|
}) |
|
|
}) |
|
|
|
|
|
rspamd_config:register_symbol({ |
|
|
|
|
|
type = 'virtual', |
|
|
|
|
|
name = settings['symbol_obfuscated_archive'], |
|
|
|
|
|
parent = id, |
|
|
|
|
|
group = 'mime_types', |
|
|
|
|
|
}) |
|
|
rspamd_config:register_symbol({ |
|
|
rspamd_config:register_symbol({ |
|
|
type = 'virtual', |
|
|
type = 'virtual', |
|
|
name = settings['symbol_exe_in_gen_split_rar'], |
|
|
name = settings['symbol_exe_in_gen_split_rar'], |