Vsevolod Stakhov
6 years ago
1 changed files with 97 additions and 0 deletions
+ 97
- 0
rules/misc.lua
View File
| @@ -639,3 +639,100 @@ rspamd_config.R_BAD_CTE_7BIT = { | |||
| description = 'Detects bad content-transfer-encoding for text parts', | |||
| group = 'headers' | |||
| } | |||
| local check_encrypted_name = rspamd_config:register_symbol{ | |||
| name = 'BOGUS_ENCRYPTED_AND_TEXT', | |||
| callback = function(task) | |||
| local parts = task:get_parts() or {} | |||
| local seen_encrypted, seen_text | |||
| local opts = {} | |||
| local function check_part(part) | |||
| if part:is_multipart() then | |||
| local children = part:get_children() or {} | |||
| for _,cld in ipairs(children) do | |||
| if cld:is_multipart() then | |||
| check_part(cld) | |||
| elseif cld:is_text() then | |||
| seen_text = true | |||
| else | |||
| local type,subtype,attrs = cld:get_type_full() | |||
| if type:lower() == 'application' then | |||
| if string.find(subtype:lower(), 'pkcs7%-mime') then | |||
| -- S/MIME encrypted part | |||
| seen_encrypted = true | |||
| table.insert(opts, 'smime part') | |||
| task:insert_result('ENCRYPTED_SMIME', 1.0) | |||
| elseif string.find(subtype:lower(), 'pkcs7%-signature') then | |||
| task:insert_result('SIGNED_SMIME', 1.0) | |||
| elseif string.find(subtype:lower(), 'pgp%-encrypted') then | |||
| -- PGP/GnuPG encrypted part | |||
| seen_encrypted = true | |||
| table.insert(opts, 'pgp part') | |||
| task:insert_result('ENCRYPTED_PGP', 1.0) | |||
| elseif string.find(subtype:lower(), 'pgp%-signature') then | |||
| task:insert_result('SIGNED_PGP', 1.0) | |||
| end | |||
| end | |||
| end | |||
| end | |||
| end | |||
| end | |||
| for _,part in ipairs(parts) do | |||
| check_part(part) | |||
| end | |||
| if seen_text and seen_encrypted then | |||
| return true, 1.0, opts | |||
| end | |||
| return false | |||
| end, | |||
| score = 10.0, | |||
| description = 'Bogus mix of encrypted and text/html payloads', | |||
| group = 'mime_types' | |||
| } | |||
| rspamd_config:register_symbol{ | |||
| type = 'virtual', | |||
| parent = check_encrypted_name, | |||
| name = 'ENCRYPTED_PGP', | |||
| description = 'Message is encrypted with pgp', | |||
| group = 'mime_types', | |||
| score = -0.5, | |||
| one_shot = true | |||
| } | |||
| rspamd_config:register_symbol{ | |||
| type = 'virtual', | |||
| parent = check_encrypted_name, | |||
| name = 'ENCRYPTED_SMIME', | |||
| description = 'Message is encrypted with smime', | |||
| group = 'mime_types', | |||
| score = -0.5, | |||
| one_shot = true | |||
| } | |||
| rspamd_config:register_symbol{ | |||
| type = 'virtual', | |||
| parent = check_encrypted_name, | |||
| name = 'SIGNED_PGP', | |||
| description = 'Message is signed with pgp', | |||
| group = 'mime_types', | |||
| score = -2.0, | |||
| one_shot = true | |||
| } | |||
| rspamd_config:register_symbol{ | |||
| type = 'virtual', | |||
| parent = check_encrypted_name, | |||
| name = 'SIGNED_SMIME', | |||
| description = 'Message is signed with smime', | |||
| group = 'mime_types', | |||
| score = -2.0, | |||
| one_shot = true | |||
| } | |||
Loading…